Over 1 in 20 emails are malicious, warns internet giant Cloudflare

cointelegraphPublished on 2025-12-16Last updated on 2025-12-16

Abstract

According to Cloudflare's 2025 year-in-review report, over 5.6% of global email traffic was malicious, meaning more than one in twenty emails contained harmful content. This figure surged to nearly 10% in November. Malicious emails aim to steal credentials, data, or money, with deceptive links being the most common threat category at 52%. Identity deception followed at 38%. The report highlights that crypto investors are particularly at risk, as phishing attacks have grown more complex and damaging. Additionally, highly abused top-level domains include “.christmas,” “.lol,” and “.forum.” Other studies support these findings, noting that a quarter of HTML attachments are malicious and email remains a primary attack vector.

More than 5% of all emails sent worldwide contain malicious content, according to internet infrastructure giant Cloudflare.

The web security giant revealed that an aggregate of 5.6% of global email traffic analyzed by the firm over the past year was found to be malicious. This equates to more than one in every twenty emails containing harmful content.

In November, that figure surged to almost one in ten, nearly double the average for the year, it found.

Malicious emails include those that can cause harm, such as the theft of credentials, data, or money, Cloudflare explained in its 2025 year-in-review report.

The findings are particularly relevant to crypto investors, as phishing attacks targeting crypto traders, investors, and executives have increased in complexity and surged in recent months.

Crypto phishing links can be especially damaging. Once a victim falls for one of these malicious links or sends cryptocurrency to a scammer, there’s usually no way back.

*Malicious emails surged to 9.7% in November. Source:* *Cloudflare*

Deceptive links dominate threat categories

More than half of these malicious emails, or 52%, contained a deceptive link, which was the highest threat category, it reported.

Identity deception was the second-highest at 38%, up from 35% in 2024, as attackers impersonated trusted individuals using spoofed domains, similar-looking domains, or display name tricks.

Related: Email auto-reply vulnerability allows hackers to mine cryptocurrency

Cloudflare also revealed that the most abused top-level domain (TLD) extension was “.christmas,” with 92.7% malicious emails and 7.1% spam originating from this domain type.

Other highly abused domain names included “.lol,” “.forum,” “.help,” “.best” and “.click.”

*Deceptive links were the highest threat category among malicious emails. Source:* *Cloudflare*

A quarter of HTML attachments are malicious

Earlier this year, researchers at cybersecurity company Barracuda analyzed 670 million emails that were malicious or unwanted spam.

They discovered that email remains the most common attack vector for cyber threats, with malicious attachments and links being used to distribute malware, launch phishing campaigns, and exploit vulnerabilities.

As many as one in four emails were unwanted spam, a quarter of all HTML attachments were malicious, and 12% of malicious PDF attachments were Bitcoin scams, they reported.

In November, Hornet Security reported that email was a “consistent delivery vector” for cyberattacks in 2025, with malware-laden emails surging by 131% year-over-year.

Magazine: Do Kwon sentenced to 15 years, Bitcoin’s ‘choppy dance’: Hodler’s Digest

FTX Founder Sam Bankman-Fried Loses Bid For Retrial

bitcoinist3h ago

CLARITY Act Nears Last Markup—White House Adviser Sees ‘Rocket Ship’ Crypto Boom

bitcoinist5h ago

别急着All-in DeepSeek V4，先看看这10位从业者的真心话

marsbit6h ago

Bitcoin In the US Military: How BTC Could Help Strengthen National Security

bitcoinist6h ago

Litecoin’s MWEB Bug Let An Attacker Create 85,034 LTC

bitcoinist7h ago

Trading

Spot

Futures

Hot Articles

How to Buy T

Welcome to HTX.com! We've made purchasing Threshold Network Token (T) simple and convenient. Follow our step-by-step guide to embark on your crypto journey.Step 1: Create Your HTX AccountUse your email or phone number to sign up for a free account on HTX. Experience a hassle-free registration journey and unlock all features.Get My AccountStep 2: Go to Buy Crypto and Choose Your Payment MethodCredit/Debit Card: Use your Visa or Mastercard to buy Threshold Network Token (T) instantly.Balance: Use funds from your HTX account balance to trade seamlessly.Third Parties: We've added popular payment methods such as Google Pay and Apple Pay to enhance convenience.P2P: Trade directly with other users on HTX.Over-the-Counter (OTC): We offer tailor-made services and competitive exchange rates for traders.Step 3: Store Your Threshold Network Token (T)After purchasing your Threshold Network Token (T), store it in your HTX account. Alternatively, you can send it elsewhere via blockchain transfer or use it to trade other cryptocurrencies.Step 4: Trade Threshold Network Token (T)Easily trade Threshold Network Token (T) on HTX's spot market. Simply access your account, select your trading pair, execute your trades, and monitor in real-time. We offer a user-friendly experience for both beginners and seasoned traders.

10.8k Total ViewsPublished 2024.03.29Updated 2025.03.21

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of T (T) are presented below.