According to internet infrastructure leader Cloudflare, over 5% of all emails globally include malicious content.
The web security powerhouse found that 5.6% of the global email traffic it analyzed in the past year was deemed malicious, translating to more than one in every twenty emails containing harmful content.
Cloudflare found that in November this rate surged to nearly one in 10, almost double the annual average.
Malicious emails can cause significant harm, including the theft of credentials, data, or funds, as explained in Cloudflare’s 2025 year-in-review report.
These findings are particularly pertinent for crypto investors, since phishing attacks targeting traders, investors, and executives have grown more sophisticated and have surged in recent months.
Crypto phishing links can be exceptionally harmful. When a victim clicks on one of these malicious links or transfers cryptocurrency to a scammer, recovery is often impossible.

Deceptive links lead threat categories
More than half of these malicious emails, specifically 52%, contained deceptive links, marking the highest threat category, the report stated.
Identity deception ranked second at 38%, a rise from 35% in 2024, as attackers impersonated trusted entities using spoofed domains and similar-looking names.
Cloudflare identified “.christmas” as the most abused top-level domain (TLD) extension, with 92.7% of malicious emails and 7.1% of spam originating from this domain type.
Other frequently abused TLDs included “.lol,” “.forum,” “.help,” “.best,” and “.click.”

A quarter of HTML attachments are malicious
Earlier this year, cybersecurity firm Barracuda analyzed 670 million emails categorized as malicious or undesirable spam.
The analysis revealed that email continues to be the primary attack vector for cyber threats, with malicious attachments and links employed to distribute malware, initiate phishing campaigns, and exploit vulnerabilities.
Approximately one in four emails were unwanted spam, a quarter of all HTML attachments were identified as malicious, and 12% of malicious PDF attachments were linked to Bitcoin scams, the report indicated.
In November, Hornetsecurity noted that email remained a “consistent delivery vector” for cyberattacks in 2025, with malware-filled emails increasing by 131% year-over-year.
