The VIPRE Q1 2025 Email Threat Trends Report has revealed that scammers have used SVG (Scalable vector graphics – a widely used image format) files and callback phishing as the top tools for scamming in Q1 of 2025. This rise in the use of SVG files and callback phishing means scammers are now mostly using new ways to scam people. It could be because better security systems have made old scamming tools ineffective.
If we compare how phishing attacks occurred in Q1 of 2024, the report shows a different set of techniques employed in Q1 of 2025. It means that scammers are constantly working to bypass the latest security. So no one is secure unless they are up to date with the latest trends.
The report shows that SVG files have become the latest phishing tool for scammers. They have replaced HTML attachments, which accounted for 88% malspam attachments in Q1 of 2023, for phishing in emails and account for almost 34% malspam attachments in Q1 of 2025. This is because scammers can embed Javascript in these files. So once email users open them, they are directed to a phishing website. And It works because these SVG files appear harmless, so most users get easily fooled.
Callback phishing has also seen a rise in the Q1. It accounts for 16% of all phishing activity. There is a logic behind choosing this method. It is safer for scammers. They simply send a warning email stating an issue which could be solved by calling on the number given in the mail. So users who follow their instructions become the initiators of phishing activity without even knowing. Therefore, it becomes almost impossible for any system to warn users about possible scamming.
Traditional ways of scamming have also retained their position in Q1. About 37% of email scams were linked to Business Email Compromise scams. The method of brand spoofing–to imitate a brand to fool people–also remained common in the Q1. Microsoft, Google and PayPal were the top three brands spoofed by scammers to trick people into giving their data.
Another change that has been observed through the data is that scammers now prefer attachments to links. In the Q1 of 2024, 75% phishing attacks happened using links, but in 2025 this number has fallen to 42%. And only 24% attacks were done using attachments in the Q1 of 2024. But this number has doubled in the Q1 of 2025. We can say that scamming people using links now has become difficult.
These scammers mostly attacked the manufacturing industry through malware-containing emails. This is understandable because the manufacturing industries around the world are going through the digitization process. They are integrating cloud and AI into their systems. During the initial phase of the digitization, these industries are more vulnerable to such phishing attacks due to gaps in security. So it is the best time to attack them.
Why should the internet users consider this threat seriously? They should because 1.45 billion emails or 92% emails in Q1 were spam, as per the report. And out of there 92% spam emails, about 67% contained malware or phishing content. Which means that every internet user is almost equally prone to such spam emails.
The most important aspect of this report is that it has revealed the ways scammers are using in 2025. If some scammers gain success in tricking people, it is due to people not having knowledge of techniques used for phishing and scamming. Hopefully, this report will benefit people by exposing the latest scamming techniques.
Read next: Systrom Calls for AI to Prioritize Accuracy, Not Engagement, in Wake of Politeness Criticism
