PDF attachments are used in 36% of phishing attacks as favoured attachments

SVG files are used in 34% of phishing attacks as favoured attachments.

Callback phishing accounted for 16% of phishing attempts in Q1 2025.

Link usage dropped by 42% in Q1 2025 compared to Q1 2024.

92% of the emails processed by VIPRE were spam.

As many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month.

Over 60% of top-clicked phishing emails were related to HR and IT.

In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).

68.6% of clicked links involved domain spoofing.

47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.

60.7% of the phishing simulations that were clicked mentioned an internal team.

Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.

23% of HTML email attachments are malicious, making them the most weaponized text file type detected. More than three-quarters of the malicious files detected overall were HTML files.

68% of malicious PDF attachments contain QR codes designed to take users to phishing websites.

49.7% of clicked phishing simulations mentioned HR.

Callback scams now account for nearly one in five attempts.

The top three QR codes scanned in simulations related to: A new drug and alcohol policy from HR (14.7%), A DocuSign for review and signing (13.7%), A Workday happy birthday message (12.7%).

24% of email messages overall are now malicious or unwanted spam.

Link usage accounted for 75% of phishing attempts in Q1 2024.

35.9% of AI-generated content flows into email and messaging platforms.