Financial lures are the number one ploy in phishing emails, representing 35% of samples.

Swedish language use in BEC scams is 3.8%.

Account verification and updates account for 20% of approaches in phishing emails.

Among the unidentifiable phishing kits used by phishing sites, other generic kits account for 5%.

For Business Email Compromise (BEC) attacks, English-speaking executives remain the most targeted at 42%.

Norwegian language use in BEC scams is 1.5%.

Package delivery messages account for 5% in phishing emails.

Lumma Stealer is the most encountered malware family found in the wild during Q2 and is often delivered via malicious .docx, .html, or .pdf attachments, or through phishing links hosted on compromised or legitimate-looking cloud services such as OneDrive, and Google Drive.

Healthcare was the third most targeted sector for email-based attacks in Q2 2025, accounting for 19% of attacks.

Retail was the second most targeted sector for email-based attacks in Q2 2025, accounting for 20% of attacks.

Legal or HR notices account for 5% in phishing emails.

Urgency-based messaging is the second most tried approach in phishing emails, at 25%.

Impersonation is the most common technique in BEC scams, with 82% of attempts targeting CEOs and executives.

Travel-themed messages account for 10% in phishing emails.

For phishing delivery, the majority (54%) of cybercriminals leveraged open redirect mechanisms.

The Manufacturing sector was the prime target for email-based attacks in Q2 2025, accounting for 26% of all incidents.

Voice phishing (vishing) is on track to double last year’s volume by the end of 2025.

Travel-themed messages account for 10% in phishing emails.

Legal or HR notices account for 5% in phishing emails.

Phishing and deception made up 31.6% of traffic on DNSFilter's network, marking an increase compared to the prior quarter. This amounted to over 750 million queries.