In recent years, a common belief has arisen that email is becoming less relevant as an attack vector. With attackers increasingly favoring tactics leveraging AI, cloud-native applications, and social engineering via voice and video, the narrative is that threats are migrating away from email. However, recent data from Darktrace suggests the opposite: not only does email remain a major avenue for modern attacks, but certain email-based attacks have continued to grow in popularity.
Email Bombing Goes Mainstream
The data from Darktrace shows a 100x surge in email bombing messages just from April to July 2025. Attackers overwhelm the target’s inbox with massive volumes of benign emails, then reach out through other methods, posing as IT support staff attempting to help with the email onslaught. After gaining their victim’s trust, the threat actor can potentially carry out a range of malicious activities.
Flooding inboxes with legitimate messages is extremely effective at creating confusion and fatigue in the targets of these attacks, especially as email continues to be a primary avenue of communication in most professional environments. The victims, unable to wade through the noise to effectively use their email accounts, are primed to trust the “support staff” who reach out to help them with the problem.
From Inbox to Everywhere: The Rise of Cross-Domain Attacks
The increase of email bombing demonstrates a trend of attackers using email in combination with additional channels. Rather than sticking strictly to email as their attack vector, attackers pivot to Teams, phone calls, or other methods. By using another channel and impersonating IT support staff, attackers expand their reach and their ability to deceive their targets. This tactic helps them to bypass traditional security controls, win their targets’ trust, and gain access to accounts and sensitive areas without requiring intensive technical skill.
Seasonal Trust as an Attack Vector
Threat actors taking advantage of major shopping holidays is a cyclical trend that arises around the winter season every year. Darktrace’s research demonstrates a 1,317% spike in phishing attacks targeting Black Friday shoppers in November. These attacks highlight attackers’ inclination toward exploiting familiar brand names, consumer urgency, and predictable seasonal shopping behavior to carry out their malicious activity.
Attacks leveraging holiday trends can cause significant harm not just to individual shoppers, but to organizations as well. “The stakes are extremely high for businesses during the holiday season,” says Nick France, Chief Technology Officer at Sectigo. “This short window represents a critical revenue opportunity, and any website security hiccup – such as an expired or misconfigured certificate causing browser warnings - can result in thousands of dollars in lost sales as shoppers swiftly avoid sites that appear untrustworthy.”
Why the Inbox Still Matters
In spite of the popular belief that email is growing out of favor when it comes to cyberthreats, it remains the most reliable starting point for attackers. While the use of collaboration tools and SaaS platforms in attacks is indeed on the rise, email continues to provide a convenient place for threat actors to launch their attacks with tried-and-true methods alongside evolving tactics leveraging newer technologies.
Threat actors have a tendency to adopt new methods and technologies as they become available, but they also often incorporate tried-and-true tactics in newer ways to account for emerging security measures. “Bad actors are very creative in creating email campaigns that evade traditional detection mechanisms,” according to Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium. “Email attachments and links should be scrutinized. Adopting a zero-trust security model and using encrypted communication for sensitive exchanges will further protect against malicious emails.”
Identity, Brand Trust, and Outbound Risk
The ongoing prevalence of email as the initial vector for attacks is not an indication of stagnation in attack tactics. Attackers are constantly looking to advance their techniques and develop new ways to exploit old channels. They continue to exploit classic techniques like phishing and other social engineering attacks while advancing tactics to evade the challenges posed by security measures and increase their success rates and payouts.
The continued growth of email attacks emphasizes the need for security that accounts for outbound email authentication, brand impersonation, and data leakage as much as inbound threat detection. Traditional and evolving attacks exploit human error and technological solutions to evade typical security efforts, demonstrating a requirement for robust and layered security strategies.
Rethinking Email Security as a Cross-Channel Problem
With attacks leveraging email alongside alternative channels on the rise, it is more important than ever to ensure that security strategies are built to handle email security as a cross-channel issue. There is a growing need for security tools and teams to be able to correlate signals across email, identity, and collaboration platforms to fight threats, rather than treating these areas as silos. In the modern digital landscape, these areas are increasingly interconnected, creating a rising need for security measures accounting for threats that target multiple channels.
What Security Leaders Should Take Away
CISOs and security teams should take the intelligence from Darktrace’s research to heart and consider the practical implications thereof when developing their security strategies. Defenders must take steps toward cross-channel security to prepare for an attack landscape where email is no longer the whole story, but is still the opening move.
