The rising threat of email attachments: Insights from Barracuda’s 2025 Email Threats Report

In an era of increasingly sophisticated cyberthreats, understanding the evolving landscape of email-based attacks is crucial for organizations of all sizes. The new Barracuda 2025 Email Threats Report shines  light on attackers’ tactics with valuable insights to help you stay ahead of today’s most pressing email security threats.

HTML files are the most dangerous attachments

One of the most striking findings from the report is that 23% of HTML attachments are malicious, making them the most weaponized type of text file. This statistic underscores a significant shift in how attackers are operating. Rather than relying solely on malicious links, cybercriminals are embedding harmful content within attachments to evade detection by traditional security measures. In fact, more than three-quarters of all detected malicious files were HTML files.

The evolving email threat landscape

The report highlights several other concerning threats:

• Phishing and account takeover: Approximately 20% of organizations experience at least one attempted or successful account takeover (ATO) incident each month. Attackers often gain access through phishing schemes, credential stuffing or exploiting weak passwords. Once they infiltrate an account, they can steal sensitive information and launch further attacks from within.
• Malicious QR codes: As many as 68% of malicious PDF attachments and 83% of malicious Microsoft documents contain QR codes that direct users to phishing websites. This tactic exploits users’ trust in familiar document formats.
• Bitcoin sextortion scams: These scams account for 12% of malicious PDF attachments. This trend highlights the need for vigilance against emerging threats that leverage fear and urgency.
• DMARC configuration gaps: Alarmingly, 47% of email domains lack Domain-based Message Authentication, Reporting and Conformance (DMARC) configuration, which is essential for protecting against spoofing and impersonation attacks. This gap leaves many organizations vulnerable to attacks that can damage their reputation and trustworthiness.
• Malicious spam proliferation: The report also notes that 24% of email messages are now classified as unwanted or malicious spam, further complicating the email security landscape.

The importance of advanced threat detection

“Email remains the most common attack vector for cyberthreats because it provides an easy entry point into corporate networks. Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities,” according to Olesia Klevchuk, Barracuda’s product marketing director for Email Protection.

A multi-layered approach to email security is needed, which includes leveraging AI-driven threat detection to identify hidden attacks within attachments and malicious websites and implementing best practices like DMARC to prevent attackers from impersonating your brand.

Stay informed and protected

As cyberthreats continue to evolve, organizations must stay informed about the latest risks and adopt robust security measures. The full 2025 Email Threats Report offers valuable insights and best practice recommendations to help businesses navigate the complex email threat landscape.

For more detailed findings and security strategies, read the complete report.