Three toll collection services, SunPass, E-ZPass, and EZDrive Massachusetts, appeared in the top 10 most targeted brands by cybercriminals.

The top 10 most imitated brands in Q1 2025 are: Steam, Microsoft, Facebook/Meta, Roblox, SunPass, E-ZPass, USPS, EZDrive Massachusetts, Netflix, and WeTransfer.

Each missed phishing email costs an average of $36.29 to investigate and remediate.

Phishing texts and emails (48%) were a common cyber disruption faced by SMBs in the past 12 months.

49% of SMBs believe AI will be most useful in flagging phishing emails and texts.

SEG miss rates range from 38.4 to 101 phishing emails per 100 mailboxes monthly.

Secure Email Gateways (SEGs) are missing an average of 67.5 phishing emails per 100 mailboxes every month. This analysis is based on actual phishing emails that bypassed SEG defences and were detected by the IRONSCALES email security platform.

Organisations with fewer than 100 mailboxes experience up to 7.5x more missed phishing attacks than large enterprises.

Each missed phishing email takes 27.5 minutes of analyst time

Over 65% of missed phishing emails across SEGs are vendor scams and credential theft.

3,829 days - average domain age for phishing attacks getting through.

Between September 15, 2024 and February 14, 2025, there was a 49.9% increase in phishing emails sent from compromised accounts.

20% of phishing emails between September 15, 2024 and February 14, 2025 relied solely on social engineering.

Most polymorphic phishing emails are sent from compromised accounts (52%), followed by phishing domains (25%), and webmail (20%).

There was a 17.3% increase in phishing emails between September 15, 2024 and February 14, 2025 compared to the previous six months.

81.9% of phishing victims had their emails leaked in previous breaches.

The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.

The most common third-party platforms used for phishing were: • sendgrid.com • salesforce.com • amazonaws.com • sendlayer.com • mailgun.com • marketo.com.

Of 512 job application-related phishing emails, attackers targeted engineering (64%) roles, followed by finance (12%), HR (10%), IT (10%), product (2%), and others (2%).

25.9% of phishing emails between September 15, 2024 and February 14, 2025 contained attachments.