In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

Smishing has rapidly grown to comprise over two-thirds of mobile phishing attacks. Specifically, SMS/text based phishing (Smishing) is now 69.3% of all mishing attacks.

Smishing attacks grew by 22%.

68.6% of clicked links involved domain spoofing.

Link usage accounted for 75% of phishing attempts in Q1 2024.

Link usage dropped by 42% in Q1 2025 compared to Q1 2024.

Callback phishing accounted for 16% of phishing attempts in Q1 2025.

SVG files are used in 34% of phishing attacks as favoured attachments.

PDF attachments are used in 36% of phishing attacks as favoured attachments

Vishing (voice-call phishing) tactics grew by 28%.

60.7% of the phishing simulations that were clicked mentioned an internal team.

Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.

49.7% of clicked phishing simulations mentioned HR.

In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

"More than half" of the organizations surveyed confirmed they regularly experienced malware and phishing incidents.

Despite regularly experiencing malware and phishing incidents, 90% of respondents expressed confidence in their organizations' security measures.

"More than half" of the organizations surveyed confirmed they regularly experienced malware and phishing incidents.

Security awareness training has significantly reduced phishing susceptibility in large energy organisations, dropping from 47.8% to 4% in one year.

Social Engineering was the second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA.

Phishing was behind 34% of attacks reported in the energy sector.