Low-tech phishing attacks are gaining ground
The report is based on an analysis of global real-world data and highlights the most significant email security trends from the first quarter of 2025. Callback phishing
Cybercriminals are taking the sentiment 'work smarter, not harder' to a whole other level with callback phishing scams, a vector that wasn't even part of the equation last year In Q1 2025, it accounts for 16% of phishing attempts.
This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all.
SVG files are fast becoming cybercriminals' favoured types of attachments (34%) for phishing attacks, coming a close second to PDF attachments (36%). By embedding the script tag of an SVG file with a malicious URL, attackers execute JavaScript when the link is opened in a web browser, redirecting the user to a compromised website. In doing so, they bypass anti-phishing defenses. The US is the most targeted region for such attacks, followed by Europe.
The backdoor-type malware, XRed, was responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed. Cybercriminals shift from HTML to PDF
In Q1 2025, not only were 92% of all emails classified as spam, but 67% of those were categorised as malicious. The US is the leading source of spam emails, generating 57% of all spam sent, and receiving 75% of malicious emails. The UK and Ireland stand at 8% each for sending and receiving bad emails.
HTML attachments took up no more than 12% share of cybercriminals' overall malspam strategy. With heightened awareness about the use of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.
In Q1, Business Email Compromise (BEC) accounted for 37% of all email scam attacks. 73% of all BEC impersonation cases were instances of the CEO or other C-suite players being imitated. Because of the employee-employer power dynamic, making urgent, unexplained requests may be more plausible coming from higher up the hierarchy, as opposed to from a direct supervisor (9%) or even HR (4%).
The manufacturing sector remains the most targeted sector in the email threat landscape, holding its lead at 36% vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15% of attackers' attention.
'There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security,' said Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fox News
3 days ago
- Fox News
CAPTCHAgeddon signals a dangerous shift
What looks like a simple "Are you human?" check is now one of the most dangerous tricks on the internet. Fake captchas have evolved into full-blown malware launchpads, thanks to a sneaky new method called ClickFix. It copies commands to your clipboard and tricks you into running them, without ever downloading a file. This shift in attack tactics is so big that researchers are calling it "CAPTCHAgeddon." It's not just a new scam. It's a viral malware delivery system that's more convincing, stealthy, and widespread than anything before it. Let's break down how this new wave of attacks works and what makes it so hard to stop. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Back in 2024, security experts warned about fake browser update pop-ups. Victims were told to download files that turned out to be malware. But those tricks are now outdated. Enter ClickFix. Instead of asking users to install something, ClickFix loads a fake CAPTCHA screen. It looks legit, just like Google reCAPTCHA or Cloudflare's bot checks. But when you click "verify," it secretly copies a malicious PowerShell or shell script to your clipboard. From there, you're just one paste away from installing malware that steals your accounts, passwords, and files. This new trick is more convincing than any old download prompt. And it's spreading like wildfire. Fake captchas didn't stay in sketchy ad pop-ups for long. Attackers realized they could hide these tricks in places people already trust: Each attack blends into the site or service it mimics. Some CAPTCHAS even display site logos, making the trick look like it came from the page itself. This isn't a spray-and-pray scheme anymore. It's targeted social engineering wrapped in sleek design. These aren't low-effort scams. Attackers constantly evolve their tactics to avoid detection. Here's what makes this malware so stealthy: Attackers also serve the payloads through trusted-looking domains and even legitimate-looking JavaScript libraries. Security researchers at Guardio didn't just look at one attack. They analyzed thousands. By clustering command structures, domains, and payload patterns, they identified multiple threat actors using similar tactics, each with a slightly different twist. Some groups use heavily obfuscated code. Others go for speed with clean, readable scripts. But all of them rely on the same core trick: fooling you into clicking something that seems harmless. These new ClickFix scams are stealthy, convincing, and hard to detect, but you can stay safe with the right habits and tools. Here's what to do immediately: Always run the latest version of your browser and operating system. Updates patch security holes that attackers exploit. Also, use a strong antivirus software and keep it updated. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at If a site asks you to paste a command into your terminal or browser console, stop. That's the main delivery method for ClickFix malware. Legitimate services will never ask you to do this. Phishing campaigns are hiding fake CAPTCHAs in legit-looking URLs on Reddit, GitHub, and even news sites. Always hover over links before clicking and double-check the domain, especially if prompted to "verify you're human." These attacks often target users whose emails or personal details are already circulating online. These services can reduce your digital footprint by requesting removal from data broker sites. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap - and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting a free scan to find out if your personal information is already out on the web: Modern browsers like Brave, Chrome, Firefox, Safari, and Opera offer real-time protection that blocks malicious websites, including fake CAPTCHA pages. Microsoft Edge also includes strong phishing defenses through its SmartScreen filter. Make sure features like Enhanced Safe Browsing or SmartScreen are turned on. These tools detect threats before you click, giving you a critical layer of defense. Password managers don't just store your logins; they can also alert you when a site looks suspicious. If your manager won't autofill a password on a CAPTCHA screen or login page, that's a red flag. It usually means the site isn't recognized as legitimate. This small moment of hesitation can help you avoid falling for a scam. Check out the best expert-reviewed password managers of 2025 at If you land on a shady CAPTCHA page, don't just close the tab; report it. Most browsers have a "Report a security issue" option, or you can use Google Safe Browsing ( Flagging malicious pages helps stop the scam from spreading and protects others from falling victim to the same trap. Most people don't know about these clipboard-based attacks. Share this article and talk about it. Raising awareness can stop the scam from spreading. CAPTCHAgeddon marks a turning point. Malware isn't just hiding in shady downloads anymore. It's hiding in plain sight, on familiar websites, in trusted apps, and inside the buttons you click every day. This trend replaces the fake browser update scam entirely. It's smarter, faster, and harder to detect. And unless we understand how it spreads, it will only grow. Security now means thinking twice about the everyday. Even a CAPTCHA. Have you ever encountered a suspicious CAPTCHA or a strange prompt online? What tipped you off, or did you almost fall for it? Let us know by writing to us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
Business Insider
4 days ago
- Business Insider
Codecademy Pro deal: Save 50% on career-boosting courses
As the summer starts winding down, you may be looking for a way to level up your career this fall. Adding a new skill or certification to your résumé can help. While there are plenty of online learning platforms out there, Codecademy offers some of our favorite career development features and courses. Plus, you can get a discounted subscription for a limited time with the current Codecademy Pro deal. While the deal is live, you can save 50% on an annual Codecademy Pro subscription, bringing the price down to just $120 a year. Typically, a Pro subscription costs either $239.98 a year or $479.98 if you pay monthly, so this is a chance to save over $350 on a subscription. Codecademy originally started as a programming club at Columbia University, and now offers over 700 courses in coding, web development, data analytics, and more. While any Codecademy subscription can help you learn basic coding languages like Python and JavaScript, the Pro plan adds on valuable professional development features to help you work toward your career path of choice. Keep in mind that this deal is only valid for the first year of your Codecademy Pro subscription. After that, your membership will automatically renew at the original price, currently $239.88, although you can cancel at any time. Codecademy Pro deal: Frequently asked questions When does the Codecademy Pro deal end? The Codecademy Pro deal is live now and will end on August 13, so you still have two days left to subscribe. What are the different Codecademy plans? Codecademy offers three plans for individuals. The Basic plan is a free account that gives you access to select courses and resources, making it a good choice if you're learning to code as a hobby. However, the Basic plan only has limited access to the Codecademy app and lacks other features like career certifications and personalized practice. The Plus plan, which typically costs $29.99 a month or $179.99 a year, gives you unlimited access to the app and other features like AI learning assistance and real-world projects. Finally, the Pro plan, which typically costs $39.99 a month or $239.88 a year, gives you everything in the Plus plan and more. The Pro plan is especially helpful for career development, as it offers career services, interview prep courses, and professional certifications that the other plans lack. Keep in mind that the current Codecademy deal is only applicable to Pro annual subscriptions.
Time Business News
4 days ago
- Time Business News
The Rise of Custom Software Development in Chicago: Trends and Benefits for 2025
With the development of software being so fast-paced, are things becoming hard for you to keep pace with? Lagging behind in trends might, sooner or later, mean missing out on some opportunities for growth in business. Every year sees the industry unfold with different technologies and methods, and 2025 is no different. Hence, firms aiming to remain competitive should at least try to understand and make use of the current trends in software development. Present-day firms are expected to develop solutions that are agile and adaptable to accommodate changes in market circumstances. An organization that stays crystal clear on its dynamics can innovate quickly, provide the best user experience, and stay ahead of the competition. Whatever the situation: startup or seasoned enterprise, teaming up with the Custom Software Development Services in USA can serve as a strategic benefit for a business. Presently, a large number of companies rely upon a Top Software Development Company in the USA to get the most updated, cutting-edge digital solutions made just for them. Before digging further into the top software development trends for 2025, let's first get to know what software development actually entails. Software development entails the structured designing, crafting, testing, and upgrading of any software installations to meet specific user needs and business goals. Within this structure is the Software Development Life Cycle (SDLC), which comprises stages such as planning, analysis, design, programming, testing, deployment, and maintenance. Some of the various specializations include: Web development Mobile application development Desktop application development Embedded systems programming With the appropriate use of programming languages, developers typically switch from Python, Java, C++, or JavaScript, depending on the project specifications or platforms. Modern software development is an industry night, which rather than standing in workflows and productivity, it makes a motion against the methodologies such as agile, scrum, and devOps: Works on the principle of iterative development and changes according to customer requirements. Scrum focuses on the team developing the product collectively within sprints. DevOps adheres to the build, kit, and operate distinction, improved deployment speed, automation, and integration. Cybersecurity remains a significant concern in software development between 2024 and beyond. As the digital threat landscape is becoming increasingly complex, traditional measures like the perimeter firewall and basic anti-malware utilities have proved insufficient. Hence, modern development methodologies, especially those employed by a Top Software Development Company in the USA, carry security measures right through the stages of the Software Development Life Cycle (SDLC). AI has revolutionized cybersecurity solutions that detect and handle threats. Automating the whole security process allows instant recognition of vulnerabilities and their elimination; moreover, as AI learns, it keeps adapting to evolving threats. Such a method keeps data safe, secures customer trust, and fulfils the criteria set out by privacy standards. Collaborating with a Custom Software Development Company in Chicago would ensure that security is not an afterthought but the very foundation of your software product. While blockchain was once the province of digital money, it is currently undergoing evolution to spread its influence on supply chain management, finance, healthcare, and so on. It offers many valuable features like transparency, decentralization, and security, all of which would enable any system to improve efficiency and trustworthiness. The shared ledgers guarantee the storage of data without tampering, hence a reduced risk of fraudulent activities. This also eliminates intermediaries and results in faster and cheaper operations with high integrity of transactions and records. Being a Custom Software Development Company in USA, they would implement a blockchain-based system to enhance operational transparency, reduce manual efforts, and authenticate data. Automated Quality Assurance Systems in the software industry are in high demand. Increasingly complex applications now require larger-scale testing solutions that are efficient. AQAS applies algorithms that include artificial intelligence, machine learning, and intelligent recognition to produce, perform, and analyze test cases automatically. Modern testing frameworks abide by the best practices, such as OWASP Top 10 security standards, and are an integral part of secure application development. A Top Software Development Company in the USA can administer AQAS in businesses, helping to reduce testing time and costs and accelerate bug-free product delivery. These tools are agile-friendly, ensuring speed does not come at the expense of quality. Early 2026 will be marked by a growing 5G wave at large, giving a significant direction for digital connectivity. This next-generation communication speed is challenged and redefined with response time and capacity, for that matter, whether that be for consumers or businesses. Sectors like IoT, driverless cars, AR, and telemedicine are all thriving with such low latency and high throughput offered by 5G. In 5G, smart cities are taking shape; there is industrial automation and real-time monitoring of devices. With good upload and download speeds, gaming, streaming, and mobile app user experiences have all improved. A can harness these newly found advantages to create high-end connected applications that will serve modern users in all their new needs. Now in 2025, AI continues to lead the technology spheres with more industries getting added to the list of its utilization. AI is changing operations in a major industry that ranges from healthcare, finance, manufacturing, to retail by sorting through vast amounts of data, giving insights, and performing predictive analytics. AI also changes the way businesses interact with customers, monitor for fraud, automate workflows, and make strategic decisions. In health, it works to assist diagnosis and treatment planning, while, in finance, it is involved in real-time risk management. AI-powered chatbots and virtual assistants, therefore, also improve customer experiences and engagement. In this era of data, to stay competitive, companies are partnering with Custom Software Development Services in USA to build AI-powered platforms for innovation and streamlining their operations. In the meantime, due to the pandemic, cloud computing received a significant boost. The cloud became the foundation for business continuity and aided in digital transformation. It finds use as a kind of tool that allows for scalability, cost efficiency, and remote accessibility under a hybrid and remote work environment. Cloud services assist with cross-functional collaboration, data access with great availability, and rapid deployment of solutions. Henceforth, there has been no need for the cost of laying down the price for expensive hardware, as these cloud platforms provide powerful computing capabilities on demand. Working alongside the best software development company in Chicago will enable businesses to migrate from legacy systems to cloud-based implementations, streamlining business operations and adopting cloud-native technologies that future-proof their digital infrastructure. Machine learning is termed the center for emerging development trends in 2024. Its ability to check patterns, make automated decisions, and extend the capabilities of applications sets new parameters for software development. Developers adopt ML techniques in natural language processing, computer vision, and recommendation systems to develop the next generation of intelligent systems. In the case of software testing, ML algorithms power automated test tools that learn and adapt based on data, making them faster, more accurate, and less prone to human errors. These are, thus, the need of every modern-day development team. Utilizing the services of a Custom Software Development company in USA would equip a business for implementing ML algorithms into their tech stack to create smarter applications that evolve along with user needs, automate complex tasks, and reveal deeper insights. Let's be honest—off-the-shelf software rarely checks all the boxes for insurance companies. Each firm has its own set of rules, workflows, and compliance standards; attempting to force a generic tool into such a mold often causes more problems than it solves. That is why there has been a growing trend of insurers turning toward custom-built software: it is simply logical. The software works the way your business works. Across the board, Insurance Industry Software Solutions in USA are shifting focus. Instead of adapting to limited tools, companies are turning to a Custom Software Development Company in Chicago to create solutions that are tailored to their specific needs. Whether it's streamlining how policies are managed or building out smarter claim tracking systems, custom software offers real, tangible value. Most insurance teams spend way too much time wrestling with systems that don't talk to each other. You enter data in one place, only to enter it again in another. Emails bounce back and forth. It slows everything down. But when your software is tailored to your actual workflow? Everything moves faster, smoother, and with fewer headaches. With so many Custom Software Development Services in USAout there, companies now have options to fix these inefficiencies for good. A best company won't just give you flashy tools—they'll help your staff do more with less. Automating the routine stuff like renewals or calculations means people can focus on bigger-picture work. And your customers will notice the difference. Businesses evolve. You might start out small, then open offices in other states or roll out a new insurance product. That's all great—until your software can't keep up. One of the big perks of going custom is that your system can grow with you. You don't have to switch platforms every time you scale. You just build on what you've already got. That's why many are working with a custom Software Development Company —because having flexible, scalable tech matters. The insurance world is always shifting. Whether it's new rules or changing customer expectations, a strong tech partner like a seasoned Insurance Software Company can help you stay a step ahead. Insurance firms handle incredibly sensitive data—things like medical records, bank info, personal details—and that info has to be locked down. Pre-made software might offer decent security, but it's usually one-size-fits-all. With custom software, you get to choose how your data is stored and protected, right down to the smallest setting. The best custom software development agency knows the risks and responsibilities that come with handling such sensitive information. A Top Software Development Company in USA doesn't just make things work—they make sure your system meets compliance standards from day one. That means fewer surprises and less stress when audits roll around. People don't want to jump through hoops to understand their policies or file a claim. They want it simple. They want speed. And they want everything digital. Custom software makes that happen. It gives you the power to design portals, apps, and digital tools that match how your clients live and interact today. When a Custom Software Development Company builds a platform for you, they're not just thinking about your backend—they're thinking about the people using it on the other end. And in today's market, where customer expectations are sky-high, that kind of thoughtful design gives you an edge. New updates are crucial because software development changes so fast in today's fast-paced world. The process of development is no longer merely coding solutions: It is all about creating smart solutions that are adaptable and secure in alignment with ever-changing business needs. Any enterprise looking to remain competitive, scalable, and future-ready should embrace change-from AI-based automation, through machine-learning algorithms, advanced cybersecurity measures, and cloud computing. Do not keep waiting; let your software development businesses, decision-makers, and technology leaders jump at the implementation of these emerging software development trends in their digital strategy so that they might enhance operational efficiencies and a good user experience, while unlocking new revenues If you are ready to realize the software/app concept, it is time to partner with a company that understands the future of technology. You may partner with trusted Custom Software Development Company in USA to develop custom digital solutions tailored uniquely for you. Hire the Best Software Development Company in USA that combines innovation, agility, and technical knowledge to take your ideas and build impactful, high-performing applications. The future of software is here, and your business must be at the helm of it. TIME BUSINESS NEWS
