Callback phishing accounted for 16% of phishing attempts in Q1 2025.

SVG files are used in 34% of phishing attacks as favoured attachments.

PDF attachments are used in 36% of phishing attacks as favoured attachments

In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

Over 60% of top-clicked phishing emails were related to HR and IT.

Link usage dropped by 42% in Q1 2025 compared to Q1 2024.

Link usage accounted for 75% of phishing attempts in Q1 2024.

People were more likely to click on links related to internal topics or impersonating known brands, accounting for 61.6% of clicks.

The top three QR codes scanned in simulations related to: A new drug and alcohol policy from HR (14.7%), A DocuSign for review and signing (13.7%), A Workday happy birthday message (12.7%).

Smishing attacks grew by 22%.

Vishing (voice-call phishing) tactics grew by 28%.

60.7% of the phishing simulations that were clicked mentioned an internal team.

Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.

49.7% of clicked phishing simulations mentioned HR.

Despite regularly experiencing malware and phishing incidents, 90% of respondents expressed confidence in their organizations' security measures.

"More than half" of the organizations surveyed confirmed they regularly experienced malware and phishing incidents.

"More than half" of the organizations surveyed confirmed they regularly experienced malware and phishing incidents.

Social Engineering was the second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA.

Security awareness training has significantly reduced phishing susceptibility in large energy organisations, dropping from 47.8% to 4% in one year.

Phishing was behind 34% of attacks reported in the energy sector.