Navigating The Next Frontier Of Email Threats: Five Emerging Attacks Shaping Cybersecurity In 2025


Mike Britton is the Chief Information Officer at Abnormal Security, a leading behavioral AI-based email security platform.


Despite being a legacy communication tool, email isn’t going anywhere anytime soon—and as long as it continues to be used in business, it will continue to serve as a prime target for cybercriminals, especially as an avenue for social engineering.

But how attackers target email is always changing. As security awareness increases, attackers adapt their methods, leveraging emerging technologies and exploiting human behavior in new and different ways to evade detection.

This cat-and-mouse game is sure to continue in 2025, but if organizations can anticipate the threats to come in the year ahead, they’ll be in a better position to gain an advantage. Let’s take a look at some of the top emerging attack tactics that organizations and their employees need to be prepared for.

Cryptocurrency Fraud: Exploiting The Irreversible

Cryptocurrency fraud is thriving, thanks to the decentralized, irreversible nature of blockchain transactions. Cryptocurrency mechanisms are complex, and attackers are learning that they can exploit users’ unfamiliarity with them, tricking victims into divulging sensitive information such as wallet recovery phrases. These scams often masquerade as trusted service providers, warning users of account issues or impending losses to elicit an urgent response that plays right into the hands of the criminals.

With global cryptocurrency adoption on the rise and giving threat actors a new platform for social engineering, users have to increase their vigilance. Requests for recovery phrases or account updates—especially when wrapped in urgency—should always raise suspicion.

File-Sharing Phishing: A Trojan Horse For Credentials

Today’s businesses are more distributed than ever, which means file-sharing tools like Google Drive and Dropbox are common staples in many employees’ workflows, so much so that receiving an email notification from these services is unlikely to raise any flags. This is exactly what threat actors are banking on.

File-sharing phishing attacks, where attackers use trusted services to distribute phishing links hosted within shared documents, are surging to the tune of 350% as of early 2024. Unlike traditional email phishing, these links are not embedded in the email body. Instead, users leave the email environment before being exposed to the phishing link within a legitimate third-party application, which makes these attacks harder for traditional security tools to detect.

Users should be diligent about verifying any unexpected file-sharing notification that hits their inbox and remain cautious of documents prompting sensitive actions, such as logging into accounts.

Multi-Channel Phishing: Expanding The Attack Surface

Cybercriminals have been phishing their targets through email for years, but now they are taking these attacks to a new level by combining email with other communication channels such as text messages, phone calls and messaging apps.

These attacks often start with email before transitioning to a real-time platform, usually on a less secure personal device to bypass enterprise-level email security controls. For example, a phishing email might direct the recipient to contact "customer support" via WhatsApp, where attackers manipulate victims into providing sensitive information.

Many employees today are generally aware of the hallmarks of a traditional phishing attack. However, as attackers spread these threats across additional channels, organizations need to modify their security awareness training programs accordingly. Incorporating training modules that examine external communication platforms and multi-channel tactics can help expand employee vigilance.

AI-Generated Business Email Compromise: Precision At Scale

AI is supercharging efficiency across an endless number of use cases, and cybercrime is no exception. Threat actors are increasingly tapping into generative AI to uplevel their business email compromise attacks, for example, using tools like ChatGPT to quickly create personalized social engineering attacks at scale.

The availability of online data, especially through social media channels, is only exacerbating this threat. Today’s attackers have access to so much information that can be plugged into generative AI tools, enabling them to produce convincing outputs that mimic genuine interactions and increase their chances of deceiving their victims.

AI-generated attacks complicate security awareness training, as these email attacks tend to be perfectly written, highly targeted and nearly impossible to discern. Still, organizations should encourage employees to verify any unusual request, especially any that ask for sensitive information like banking details or login credentials.

Email Account Takeover: The Gateway To Deeper Exploits

Email account takeover is one of the most dangerous types of email threats because it goes a step beyond impersonation, providing attackers with direct and legitimate access to internal systems. These attacks typically start with a successful credential phishing, social engineering or brute-force attack that enables the threat actor to hijack their target’s email account. Once inside, they have free rein to continue wreaking havoc, from exfiltrating data to infiltrating connected applications or launching lateral phishing campaigns that target colleagues and vendors.

Minimizing the impact of an account takeover requires a special focus on limiting attackers’ actions once they’ve gained a foothold within an account. Multi-factor authentication (MFA), together with encouraging strong password use or implementing secure single sign-on (SSO), is among the key defenses that security teams should implement.

Preparing For Cyberthreats In 2025

In 2025, we can expect attackers to operate as they always have: by continuing to innovate, leveraging new technologies to advance their scams and pursuing new forms of psychological manipulation to compromise their targets. Organizations must remain proactive to stay one step ahead, and their best course of action is to combine both human- and technology-based defenses.

From a human perspective, enhancing employee awareness is key. Introducing training on emerging threats, such as cryptocurrency fraud and multi-channel phishing, while providing clear protocols for verifying suspicious activity, can help uplevel awareness in the face of novel attacks. From a technology perspective, security teams should adopt security measures that extend beyond email to monitor other external communications channels while ramping up their authentication practices and monitoring for unusual login behaviors.

By understanding the attacks that are on the horizon for the year ahead and preparing themselves with a multi-layered security approach, businesses can head into 2025 with confidence in their ability to protect their people, data and systems.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

