Malicious email attacks rose sharply in 2025, with global cybersecurity firm Kaspersky reporting a 15 percent increase in harmful and potentially unwanted email attachments compared to last year — a trend that experts say should alarm both businesses and everyday internet users in the Philippines.
New data show that nearly half of all emails sent worldwide this year — 44.99 percent of global traffic — were spam. Beyond unwanted advertisements, these messages include phishing attempts, scam offers, and malware designed to steal money and sensitive information. In total, more than 144 million malicious and suspicious email attachments were detected in 2025 alone.
The Asia-Pacific region, which includes the Philippines, recorded the highest share of email antivirus detections at 30 percent, underscoring the region’s vulnerability to cyber threats. Europe followed at 21 percent, with Latin America, the Middle East, Russia and CIS, and Africa trailing behind. Among individual countries, China posted the highest detection rate, followed by Russia, Mexico, Spain, and Turkey. Email-based attacks peaked during the months of June, July, and November.
Security experts warn that cybercriminals are not only increasing the volume of attacks but also refining their tactics. Many scams now combine email with other communication channels, tricking victims into shifting to messaging apps or phone calls. For example, fraudulent investment emails may redirect users to fake websites where they are asked to submit contact details, after which scammers follow up directly to pressure them into handing over money.
Phishing schemes are also becoming harder to detect. Attackers are disguising malicious links using link protection services and QR codes embedded in email messages or PDF attachments. Unsuspecting users who scan these codes on their mobile devices may unknowingly expose themselves to fraud, especially if their phones lack strong security protection.
In a troubling development, scammers have even exploited features of OpenAI to send spam emails from seemingly legitimate addresses, increasing the likelihood that recipients will trust the message. Meanwhile, calendar-based phishing schemes and increasingly sophisticated business email compromise (BEC) attacks have resurfaced, with criminals inserting fake forwarded messages into email threads to make scams appear authentic.
According to Kaspersky anti-spam expert Roman Dedenok, phishing remains one of the most dangerous cyber threats facing organizations today. One in ten business cyberattacks begins with phishing, and many are linked to advanced persistent threat groups. He added that the growing accessibility of generative artificial intelligence tools has made it easier for criminals to produce highly convincing, personalized phishing emails at scale, tailoring tone and content to specific individuals or companies with minimal effort.
For Filipinos, who rely heavily on email for work, online banking, government transactions, and e-commerce, the surge in malicious email activity serves as a stark warning. Experts stress that users should treat unexpected messages with caution, verify website links before clicking, and avoid responding to suspicious instructions, especially those urging immediate action.
As cybercriminals continue to sharpen their methods and exploit new technologies, vigilance is no longer optional. The latest figures signal that email remains a primary battleground in the fight against cybercrime — and Filipino individuals and businesses are firmly in the crosshairs.
