Is ChatGPT helping scammers fool more victims?

Kaspersky reported a 15 percent increase in malicious and potentially unwanted email attachments in 2025, with more than 144 million incidents recorded among individual and corporate users.

According to Kaspersky telemetry, spam accounted for 44.99 percent of global email traffic last year, with unsolicited messages often carrying scams, phishing links and malware.

The Asia Pacific region registered the highest share of email antivirus detections at 30 percent, followed by Europe at 21 percent, Latin America at 16 percent, the Middle East at 15 percent, Russia and the Commonwealth of Independent States at 12 percent and Africa at 6 percent.

By country, China recorded the largest proportion of malicious and potentially unwanted email attachments at 14 percent, ahead of Russia at 11 percent, Mexico and Spain at 8 percent each and Turkey at 5 percent.

Email antivirus detections rose moderately during June, July and November.

Kaspersky’s annual assessment identified continued convergence of communication channels, with attackers using email to direct victims to messaging platforms, fraudulent websites or scam phone numbers, including investment schemes that collect contact details before initiating follow up calls.

The company also observed increased use of evasion techniques in phishing campaigns, including disguising malicious links through link protection services and embedding QR codes in email bodies or PDF attachments to prompt users to scan them on mobile devices that may have weaker security controls than corporate computers.

Researchers documented abuse of legitimate platforms, including misuse of OpenAI organization creation and team invitation features to distribute spam from authentic OpenAI email addresses, as well as the reemergence of a calendar based phishing scheme targeting corporate users.

Business email compromise attacks evolved further in 2025, with threat actors incorporating fabricated forwarded messages lacking proper thread index or header information to make fraudulent correspondence appear more convincing.

Roman Dedenok, an anti spam expert at Kaspersky, said one in 10 business attacks begins with phishing, including a notable share linked to advanced persistent threats, and noted that generative artificial intelligence tools have enabled attackers to produce highly personalized and credible phishing messages at scale.

Kaspersky advised users to treat unsolicited invitations with caution even if they appear to come from trusted sources, to verify website addresses before clicking links and to avoid calling phone numbers listed in suspicious emails, instead using official websites to obtain contact details.

For organizations, the company recommended deploying Kaspersky Security for Mail Server with multilayered machine learning based defenses, ensuring all employee devices including smartphones are protected by robust security software and conducting regular training on modern phishing techniques.