- US generates 57% of global spam, VIPRE analysis of 1.45B emails shows
- Expanding US data centers make spam enforcement harder and threats worse
- Cybercriminals shift to simple, human-focused phishing using PDFs and SVGs
A new report has claimed the United States is now the largest source of spam emails in the world.
VIPRE’s Q1 2025 Email Threat Trends Report, the US was responsible for more than half (57%) of all spam sent worldwide during the first quarter of the 2025.
VIPRE analyzed 1.45 billion emails for its report, focusing on the geolocation of the origin IP address found in email headers, rather than on domain extensions like .com.
A problem that's going to get worse
While there is no single cause, the scale of data center infrastructure in the US makes it difficult to enforce spam regulations effectively and results in greater numbers of entry points for spam emails to spread.
With even more data centers being built across the US, this is a problem that’s only going to get worse in the coming years.
The report notes that of the spam analyzed, 67% was classified as malicious, linked to phishing or malware.
Callback phishing is rising fast, accounting for nearly one in five phishing attempts. Cybercriminals also appear to be opting for simpler, human-focused methods over more complex, technical ones.
SVG attachments were found to be climbing in popularity among attackers, coming in second place just behind PDFs, as they can be used to trick users into visiting malicious sites.
The manufacturing sector is the top target for email-based attacks, with retail and finance sharing second place.
VIPRE says the malware landscape has shifted recently, with the XRed backdoor-type malware family taking the top spot ahead of the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed behind.
“There’s a clear shift in cybercriminals’ preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security - one that addresses the human element as vigilantly as the technological,” said Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group.
“With cybercriminals mastering the art of human deception, and crafting phishing attacks that bypass conventional defenses, email security in turn demands an approach that weaponizes cybercriminals’ own actions and uses their patterns to create a unique, future-proofed response,” he added.
