Internet infrastructure and security giant Cloudflare has issued a stark warning in its 2025 year-in-review report, revealing that more than 5% of all global email traffic is malicious. The company's analysis found an aggregate of 5.6% of emails sent worldwide over the past year contained harmful content, equating to more than one in every twenty emails.
The threat escalated dramatically in November 2025, with the malicious email rate surging to 9.7%—nearly double the annual average and approaching one in ten emails. Cloudflare defines malicious emails as those designed to cause harm, including the theft of credentials, data, or money.
The report highlights that these findings are particularly relevant to cryptocurrency investors. Phishing attacks targeting crypto traders, investors, and executives have not only surged in volume in recent months but have also increased in complexity. The report emphasizes the severe and often irreversible damage caused by crypto phishing links, noting that once a victim sends cryptocurrency to a scammer, recovery is typically impossible.
Breaking down the threat categories, Cloudflare reported that deceptive links were the most common, present in 52% of malicious emails. Identity deception was the second-highest category at 38%, up from 35% in 2024, involving attackers impersonating trusted contacts via spoofed domains or display name tricks.
Cloudflare also identified the most abused top-level domain (TLD) extensions. The “.christmas” domain was the most malicious, with 92.7% of emails from it classified as malicious and 7.1% as spam. Other highly abused TLDs included “.lol,” “.forum,” “.help,” “.best,” and “.click.”
Supporting data from other cybersecurity firms underscores the scale of the problem. Earlier in 2025, researchers at Barracuda Networks analyzed 670 million malicious or spam emails, confirming email as the most common attack vector. Their study found that a quarter of all HTML attachments were malicious, and notably, 12% of malicious PDF attachments were specifically Bitcoin scams. In a separate November report, Hornet Security noted that email remained a "consistent delivery vector" for cyberattacks in 2025, with malware-laden emails surging by 131% year-over-year.
SAUCE
HBAR
THETA
TFUEL
GEE
AAVE
SOL