According to Internet infrastructure giant Cloudflare, more than 5% of all emails sent worldwide contain malicious content.
The web security giant revealed that a total of 5.6% of the global email traffic it analyzed over the past year was found to be malicious. This equates to more than 1 in 20 emails containing harmful content.
In November, that number jumped to nearly one in 10, nearly double the average for this year.
Cloudflare explained in its 2025 Overview Report that malicious emails include emails that can cause harm, including theft of credentials, data, and money.
The findings are particularly relevant to crypto investors, as phishing attacks targeting crypto traders, investors, and executives have become increasingly complex and have proliferated in recent months.
Cryptophishing links can be especially damaging. Once a victim falls into one of these malicious links or sends their cryptocurrency to a scammer, there is usually no turning back.
Malicious emails jumped to 9.7% in November. sauce: cloudflare
Deceptive links dominate threat category
More than half, or 52%, of these malicious emails contain malicious links, making this the most threatening category.
Identity fraud was the second highest at 38%, up from 35% in 2024. This is because attackers use spoofed domains, lookalike domains, or display name tricks to impersonate trusted individuals.
Related: Vulnerability in email auto-reply allows hackers to mine cryptocurrencies
Cloudflare also revealed that the most abused top-level domain (TLD) extension was “.christmas,” with 92.7% of malicious emails and 7.1% of spam coming from this domain type.
Other commonly abused domain names include “.lol,” “.forum,” “.help,” “.best,” and “.click.”
Malicious links were the most threatening category of malicious emails. sauce: cloudflare
A quarter of HTML attachments are malicious
Earlier this year, researchers at cybersecurity firm Barracuda analyzed 670 million emails that were malicious spam or junk.
They found that email remains the most common attack vector for cyberthreats, with malicious attachments and links used to distribute malware, launch phishing campaigns, and exploit vulnerabilities.
They report that one in four emails is unwanted spam, a quarter of all HTML attachments are malicious, and 12% of malicious PDF attachments are Bitcoin scams.
In November, Hornet Security reported that email will become a “consistent delivery vector” for cyberattacks by 2025, with a 131% year-over-year increase in emails containing malware.
magazine: Do Kwon sentenced to 15 years in prison for Bitcoin’s ‘broken dance’: Hodler’s Digest
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
