Key findings from the Q1 2025 Sublime Email Threat Research Report
Blog post from Sublime Security
Sublime's first Email Threat Research Report reveals a significant rise in sophisticated email threats, emphasizing the growing prevalence of QR code and OAuth phishing, and the importance of adaptive detection strategies. The report, based on anonymized customer data and strict privacy protocols, highlights a 40-60% increase in QR code phishing and a dramatic 47,000% surge in SVG-based attacks in Q1 2025. It also notes a rise in Living Off Trusted Sites (LOTS) attacks using services like Microsoft 365 and Google Workspace, and an uptick in AI-generated content for BEC/fraud campaigns. The findings suggest a shift from mass, template-driven phishing toward more tailored, automated attacks that evade static defenses, with 90% of malicious emails customized for their targets. Emerging threats and evolving evasion techniques, such as "evasion stacking," necessitate a layered, adaptive defense incorporating AI, machine learning, and behavioral analysis. As attackers refine their methods, security platforms like Sublime are adapting by analyzing detection signals in real time, offering proactive coverage without needing manual updates.