Attackers Favor Widely Trusted Platforms While Adapting to Detection Methods, VIPRE's Q1 2026 Email Threat Trends Report Reveals - Yahoo Finance

This is a paid press release. Contact the press release distributor directly with any inquiries. Attackers Favor Widely Trusted Platforms While Adapting to Detection Methods, VIPRE's Q1 2026 Email Threat Trends Report Reveals PR Newswire Thu, April 23, 2026 at 4:00 AM EDT 6 min read Commercial spam, link-based malspam, and use of QR code-embedded PDFs are on the rise LONDON, April 23, 2026 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, releases its Q1 2026 Email Threat Trends Report, which finds that cybercriminals are stealing trust by exploiting legitimate sites, systems, and ecosystems to bypass defenses more easily and maximize attack success. Processing 1.8 billion emails in the first quarter of this year, this report highlights the struggles organizations face, signaling areas where they must strengthen email defenses in the coming months. Commercial spam takes up the lion's share  Commercial spam forms the majority of spam at 46%, delivered via compromised accounts (33%) and free email services (32%). This illustrates trusted platforms and free services as criminals' favored attack vectors. Commercial spam wears down users with email fatigue, increasing their chances of being phished, while the technique itself assists cybercrime through misleading subject lines, aggressive language, and act-fast promotions. Nearly two-thirds of spam came from US-based infrastructure, followed by Ireland and the UK. The US was also the top target of commercial spam at 60%, followed by the UK at 12% and Canada at 6%. Attackers exploit trusted platforms to deliver link-based phishing at scale Cybercriminals are increasingly relying on familiar, reputable platforms to carry out their attacks. Phishing made up 25.87% of all spam, with malicious links remaining the weapon of choice. During the first quarter of 2026, embedded links appeared in 50.59% of phishing emails, while 26.69% included attachments, 19.17% used callback schemes, and 3.55% relied on QR code-based phishing. Microsoft continues to be the top brand targeted for spoofing, and ".com" domains remain the primary infrastructure for sending these attacks. Furthermore, attackers favor "open redirects" that begin with the legitimate domain and then end with a parameter routing to a malicious site. Abused URLs accounted for over 89% of phishing URLs. Cybercriminals adapt to detection methods The manner in which attackers construct and deploy phishing URLs in Q1 shows they are adapting to detection methods. Newly Registered Domains (NRDs) are on the decline. As scanners become more effective at identifying newly created domains, cybercriminals are adapting by relying more on familiar, reputable domains to avoid detection. This shift reinforces their tendency to use proven strategies and exploit established, trustworthy web addresses. Story Continues View Comments Terms and Privacy Policy Privacy Dashboard