Cyber Criminals Shift To Personalized Deception In Email Attacks
The leading cybersecurity, privacy, and data protection firm Vipre Security Group has released its Q2 2025 Email Threat Landscape Report, highlighting a significant shift in cybercriminal tactics.
The report, based on an analysis of global real-world data, uncovers a growing reliance on hyper-personalized, AI-driven phishing techniques that exploit human vulnerabilities rather than traditional technological tricks.
This evolution in email-based threats is raising alarms for organizations worldwide, urging them to rethink their cybersecurity strategies to combat increasingly sophisticated attacks.
The report reveals that cybercriminals are moving away from conventional methods, such as easily detectable malicious links or attachments, and are instead leveraging advanced, untraceable phishing kits and social engineering tactics.
A striking 58% of phishing sites now utilize unidentifiable phishing kits, which are custom-made or obfuscated to evade detection. These kits, powered by artificial intelligence (AI), are not only difficult to reverse-engineer or track but are also affordable, enabling cybercriminals to deploy malicious campaigns at scale. Among the most prevalent kits are Evilginx (20%), Tycoon 2FA (10%), and 16shop (7%), with an additional 5% attributed to other generic kits.
The accessibility of these tools has democratized cybercrime, making it easier for both seasoned attackers and novices to launch effective campaigns.
Chief Product and Technology Officer at Vipre Security Group, Usman Choudhary, emphasized the gravity of this trend: “It’s clear what the threat actors are doing – they are outsmarting humans through hyper-personalized phishing techniques using the full capability of AI and deploying at scale. Organizations can no longer rely on standard cybersecurity processes, techniques, and technology. They need comprehensive and advanced email security solutions that can help them to deploy like-for-like defenses - at the very least - if not help them stay a step ahead of the tactics used by cybercriminals.”
For the sixth consecutive quarter, the manufacturing sector remains the primary target for email-based cyberattacks, accounting for 26% of all incidents in Q2 2025.
These attacks include business email compromise (BEC), phishing, and malspam. The retail sector follows at 20%, with healthcare close behind at 19%, consistent with trends observed over the past year. The report suggests that the manufacturing sector’s high reliance on mobile access may contribute to its vulnerability, as employees are more susceptible to phishing attacks while working remotely or on the go.
BEC attacks, in particular, have seen a notable increase in sophistication, with a marked focus on Scandinavian executives. While English-speaking executives remain the most targeted group at 42%, Danish executives account for 38% of BEC attempts, with Swedish and Norwegian executives comprising a combined 19%. The report attributes this localization to the use of native languages in corporate communications, particularly in HR, finance, and executive functions, which makes localized attacks more convincing. Danish is used in 11.9% of BEC scam attempts, followed by Swedish at 3.8% and Norwegian at 1.5%. Impersonation is the dominant technique in these scams, with 82% of attempts targeting CEOs and executives, followed by directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).
The report identifies Lumma Stealer as the most prevalent malware family in Q2 2025. Delivered through malicious .docx, .html, or .pdf attachments, or via phishing links hosted on services like OneDrive and Google Drive, Lumma Stealer’s popularity stems from its availability as a Malware-as-a-Service (MaaS). Its active developer support and low cost make it attractive to a wide range of cybercriminals. The report notes that this accessibility has broadened the malware’s reach, enabling both experienced and novice attackers to deploy it effectively.
Cybercriminals are also refining their persuasion tactics to lure victims. Financial incentives, such as emails related to money, financial errors, or fiduciary imperatives, are the most common bait, accounting for 35% of malicious email samples. Urgency-based messaging follows at 25%, with account verification and update requests at 20%. Other tactics include travel-themed messages (10%), package delivery notifications (5%), and legal or HR notices (5%). For phishing delivery, 54% of attacks leverage open redirect mechanisms, using legitimate-looking links hosted on marketing, tracking, or even security platforms to mask malicious destinations. Compromised websites (30%) and URL shorteners (7%) are also widely used.
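A defender-side check for the open redirect delivery pattern described above, added here as an illustration and not taken from the Vipre report: it flags links whose query string or fragment carries an absolute URL on a different site than the visible host. The hostnames are constructed placeholders, and the two-label site comparison is a simplifying assumption.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links; every hostname is a placeholder (.example / .test).
SAMPLE_LINKS = [
    "https://click.mailer.example/track?id=91&url=https%3A%2F%2Flogin.portal-verify.test%2Fsession",
    "https://click.mailer.example/r?next=https%253A%252F%252Fcdn.files-share.test%252Fdoc",
    "https://www.mailer.example/go?to=https%3A%2F%2Fhelp.mailer.example%2Ffaq",
    "https://shop.retailer.example/search?q=blue+shoes",
]

def site(host):
    # Naive "registrable domain": the last two labels. A production check
    # would use the Public Suffix List; this shortcut is an assumption.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def redirect_targets(link):
    """Hosts of absolute URLs embedded in the link's query or fragment
    that belong to a different site than the host the reader sees."""
    parts = urlsplit(link)
    visible = parts.hostname or ""
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(parts.fragment)
    found = []
    for value in candidates:
        # parse_qsl decoded once already; decode again for double-encoding.
        for form in (value, unquote(value)):
            if form.startswith("//"):          # scheme-relative target
                form = "https:" + form
            if not form.lower().startswith(("http://", "https://")):
                continue
            target = urlsplit(form).hostname or ""
            if target and site(target) != site(visible) and target not in found:
                found.append(target)
    return found

def triage(links):
    # Keep only links whose embedded destination leaves the visible site.
    return {l: t for l in links if (t := redirect_targets(l))}

if __name__ == "__main__":
    for link, targets in triage(SAMPLE_LINKS).items():
        print(f"{urlsplit(link).hostname} -> {', '.join(targets)}")
```

A hit is a reason to resolve and inspect the final destination before delivery, not a verdict on its own, since legitimate tracking links share this shape.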
PDFs remain the preferred vehicle for malicious attachments, with 64% of cases featuring embedded QR codes designed to execute attacks.
The final stage of these attacks often involves exploitation mechanisms like HTTP POST to remote servers (52%) and email exfiltration (30%), further complicating detection efforts. The report underscores the need for organizations to adopt advanced email security solutions that address both technological and human vulnerabilities. Choudhary’s comments highlight the urgency of this shift, as traditional defenses are increasingly ineffective against AI-enhanced, human-centric attacks.
As cybercriminals continue to exploit AI and human psychology, Vipre’s Q2 2025 report is a critical resource for organizations aiming to stay ahead of evolving email threats, and is available HERE.