Cybercriminals continue to evolve their methods to bypass traditional email security filters. One of the most commonly used tools is HTML attachments, a well-known attack method that continues to be effective. In a new report from Barracuda Networks it is clear that the whole 23 percent of all HTML attachments in emails are maliciousThat makes HTML the most widely used text format among cybercriminals.

The report, based on data from February 2025 and covering nearly 670 million emails analyzed containing malicious content, spam or other unwanted messages, provides a clear picture of how email continues to be a central attack point for cybercrime.

More results from the study in brief:

• 20 percent of companies were exposed for at least one attempted or completed account hijacking each month.
• 68 percent of malicious PDF files and 83 percent of malicious Word documents contained QR codes that lead to phishing sites.
• 12 percent of malicious PDFs were so-called bitcoin sextortion scams.
• Almost half (47 percent) of all email domains lack DMARC protection – a standard that makes it more difficult for fraudsters to hijack or imitate email senders.
• 24 percent of all emails are considered spam or directly malicious.

– Many companies still lack basic protection for their email, making it easy for attackers to reach them. HTML attachments are often perceived as “harmless” because they are used legitimately for newsletters, invitations and forms. We also see how QR codes continue to be a tool for bypassing traditional security filters. Many also increase their risk by not implementing standards such as DMARC, says Klas Palmér, security expert at Barracuda Networks in Sweden.

Advertisement

Read the full report: 2025 Email Threat Report