Fortra’s 2025 Email Threat Report Predicts Standard Security Measures Fall Short in the Wake of AI

Fortra announced the publication of their 2025 Email Threat Intelligence Report. Fortra analysts and researchers evaluated over one million unblocked email threats from 2024 to understand how threat actors are bypassing common email security measures to target unsuspecting employees. The report’s predictions and actionable insights give organizations the data necessary to identify and defend against email-based attacks.

Among the findings, response-based social engineering tactics and links to phishing sites comprised 99% of the email threats analyzed. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common pre-delivery email defenses are effective at stopping malware, they are far less capable of blocking high risk threats like business email compromise and credential phishing.

Likewise, the report shows adversaries are using simple emails that contain phone numbers and QR codes to lure victims into less secure environments where they can be more easily exploited. These multichannel attacks are difficult to detect because emails themselves are very basic and lack content that is typically flagged by filters. Fortra experts predict adversaries will refine these efforts going forward with generative AI capable of impersonating known individuals and their speech patterns.

The report also shows a 200% increase in misuse of developer tools as well as abuse of legitimate services such as eSignature platforms. Cybercriminals abuse these tools to easily launch phishing attacks and other threats using publicly accessible, trusted infrastructure. Absent more proactive anti-abuse measures by legitimate service providers, this abuse is expected to grow.  

“The incorporation of AI and trusted tools, paired with an unimaginable amount of stolen personal data, means today’s phishing campaigns are more likely than ever to compromise users,” said Matt Reck, CEO of Fortra. “Cybercriminals are clever, have financial backing, and will try anything to access valuable systems and data. We all need to know how to keep our guards up, and the findings in this report are a powerful guide.”

Source: Fortra media announcement