The emails are designed to appear authentic. They might offer a prize or warn the recipient about a potential lawsuit. But the odds are high that they are fakes designed to steal crucial personal data or to infect a computer network with malicious software.
In 2025, 45% of all emails sent around the globe contained some sort of scam, according to internet security company Kaspersky.
The majority of emails targeted internet users in Asia, Europe, and North America. African users accounted for 6% of victims. However, African internet users are becoming a growing target for such attacks as internet access continues to expand on the continent.
In Malawi, nearly 16.7% of internet users were the target of email attacks in 2025, marking the first time that country had joined Kaspersky’s list. Tunisia also made the list with just over 16% of its internet users targeted by scammers. Con artists targeted 15.2% of internet users in Kenya and Madagascar.
“This underscores the reality that, alongside the deployment of robust security software, users must remain vigilant and exercise extreme caution toward any online offers that raise even the slightest suspicion,” the authors of the Kaspersky report wrote.
Online fraudsters’ emails come in a seemingly endless array of styles. AI plays an increasing role in helping scammers target their victims. Some of the most popular techniques revolve around phishing emails designed to trick recipients to click a link and provide personal information. The bait can be free tickets to an event or the potential threat of government action if the recipient doesn’t respond.
Others are designed to look like internal company messages, often from someone high up in the company, urging the recipient to review a document with links that trigger the theft of personal data or even bank information.
“In 2025, we saw an increase in the sophistication of targeted email attacks,” Roman Dedenok, anti-spam expert at Kaspersky, said in a statement. “Even the smallest details are meticulously crafted in these malicious campaigns, including the composition of sender addresses and the tailoring of content to real corporate events and processes.”
As scam blocking software has become better at catching malicious emails, fraudsters have hidden those links by converting them into QR codes that appear as images in the email but provide a link when read by a computer or smartphone.
A separate analysis by cybersecurity company Barracuda found that malicious QR codes are frequently embedded in PDF or Microsoft 365 documents because they are widely trusted in business environments. The QR codes take victims to fake Microsoft 365 log-in sites where scammers steal business credentials.
“This growing trend highlights the need for advanced security measures that can analyze QR codes in attachments,” Barracuda analysts wrote in their report.
In many cases, scammers employ Google’s online services to provide their fraud with the air of legitimacy. Google Docs and Google Forms have become popular ways to capture victims’ information. Fraudsters may even use Google Calendar to create fake events tied to a victim’s WhatsApp account.
“Because these emails originate from Google’s own mail servers, they appear authentic to most spam filters,” Kaspersky researchers wrote. The attackers rely on the victim focusing on the fake link rather than on the nature of the document.
Messaging services WhatsApp and Telegram have become the targets for scammers who use them to lure victims into participating in contests or providing their personal details in other ways. In some cases, scammers may even hijack their victim’s account to perpetuate the scam.
“Account hijacking on messaging platforms like WhatsApp and Telegram remains one of the primary objectives of phishing and scam operations,” the Kaspersky researchers wrote. “While traditional tactics, such as suspicious links embedded in messages, have been well-known for some time, the methods used to steal credentials are becoming increasingly sophisticated.”
