Barracuda Networks, Inc., released the 2026 Email Threats Report. New findings from Barracuda Research, the threat intelligence arm of Barracuda, show that AI-driven social engineering and phishing-as-a-service are accelerating both the volume and effectiveness of email attacks, enabling adversaries to scale credential-phishing operations and increase the success rate of targeted campaigns.
The report also highlights a shift in attacker tactics, with threat actors moving from file-based payloads to URL-based delivery and embedding QR codes in trusted document formats to disguise malicious destinations. Attackers are further exploiting account takeover techniques to bypass traditional defenses and deliver highly convincing messages from compromised inboxes, underscoring the need for integrated, multilayered email protection.
Based on global telemetry collected in January 2026, Barracuda Research analyzed more than 3.1 billion emails, looking at malicious, spam or otherwise unwanted emails to quantify these trends and assess their impact on organizations worldwide. Findings include:
1 in 3 email messages are malicious or unwanted spam
48% of malicious email activity is phishing
34% of companies experience at least one account takeover incident every month
More than 10% of HTML attachments are malicious
70% of malicious PDFs contain QR codes leading to phishing websites
90% of high-volume phishing campaigns used phishing-as-a-service kits
“Email is no longer just a communication channel — it’s the front line of identity, trust and business continuity,” said Merium Khalid, Director of SOC Offensive Security, Office of the CTO, Barracuda. “As attackers industrialize phishing with AI and phishing-as-a-service, the future of defense must evolve just as quickly. Organizations that stay ahead will prioritize integrated email security layered with identity protection and automated response as part of a broader, resilience-driven strategy. When prevention, rapid detection and automated incident response work together, businesses can reduce risk, limit the impact of account compromise and maintain continuity even as threats accelerate.”
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram