Barracuda: One in five firms faces monthly email account attacks

Barracuda has published its 2025 Email Threats Report, detailing the current state of email-based risks facing organisations worldwide.

The report, based on Barracuda's threat detection data, reveals that attackers are increasingly moving malicious links and content into email attachments, aiming to bypass detection by conventional security tools. The report stresses the importance of implementing advanced AI-based threat detection to identify these concealed threats.

According to the research, as many as 20% of organisations faced at least one attempted or successful account takeover incident per month. Attackers typically sought access through phishing, credential stuffing, or exploiting weak and reused passwords. Once they have unauthorised access, attackers can steal sensitive data, navigate laterally within an organisation, and disseminate phishing emails from what appear to be trusted sources.

The report states that 23% of HTML attachments are malicious, designating them as the most weaponised type of text file. Indeed, more than three-quarters of all malicious files detected during the research period were HTML files. Despite their legitimate use for sharing content such as newsletters or invitations, these attachments have become a favoured vehicle for cyber attackers.

Furthermore, 68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes designed to redirect users to phishing websites. Among malicious PDF attachments, 12% are linked to Bitcoin sextortion scams, adding another layer to the evolving tactics adopted by cyber criminals.

Nearly half (47%) of email domains analysed in the report do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) set up. Without DMARC, organisations are left more vulnerable to spoofing and impersonation attacks, where cyber criminals exploit the brand's identity to carry out fraudulent activity.

The report also shows that unwanted or malicious spam has risen to account for 24% of all email traffic, underlining the sheer scale of the challenge for IT departments attempting to manage and secure email communications.

Olesia Klevchuk, Product Marketing Director, Email Protection at Barracuda, commented on the findings: "Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks. Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities. Many organisations increase their risk level by failing to implement DMARC, making it possible for attackers to impersonate their brand and implement fraudulent attacks. Organisations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security, leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites."

The 2025 Email Threats Report by Barracuda collates proprietary research from February 2025, during which nearly 670 million malicious, spam or unwanted emails were analysed. This extensive data informed the key findings and recommendations described in the report.