In its 2025 annual report, Cloudflare analyzed global email traffic and found that 5.6% of emails were classified as malicious. The situation worsened significantly throughout the year. In November, the share of dangerous emails climbed to nearly 10%, almost double the annual average.
According to Cloudflare, these emails can lead to the theft of login credentials, personal data, or direct financial losses. Attackers are increasingly relying on sophisticated scams that are difficult to detect at first glance.
These findings are particularly relevant for crypto investors. Phishing attacks targeting cryptocurrencies, traders, investors, and crypto company executives have intensified in recent months and are becoming more advanced.
The risk is higher with cryptocurrencies because once a victim clicks on a malicious link or sends digital assets to an attacker, there is usually no way back. Transactions are irreversible, and lost funds are often impossible to recover.
Cloudflare identified deceptive links as the most widespread type of threat, appearing in 52% of all malicious emails. This makes them the dominant attack vector.
Identity theft ranked second, accounting for 38% of threats, up from 35% in 2024. Attackers impersonate trusted individuals or institutions using fake domains, lookalike domain names, or manipulated sender names.
Among the most abused top-level domains, “.christmas” stood out as the most problematic: 92.7% of emails sent from it were classified as malicious and an additional 7.1% as spam. Other frequently abused top-level domains included “.lol,” “.forum,” “.help,” “.best,” and “.click.”
Similarly concerning data came from cybersecurity firm Barracuda. Its researchers analyzed 670 million emails flagged as malicious or spam in 2025. The results confirmed that email remains the most common entry point for cyberattacks.
One in four emails was spam. A quarter of all HTML attachments contained malicious code, and 12% of malicious PDF attachments were related to bitcoin scams. According to experts, the combination of attachments and links is one of the primary tools attackers use to spread malware and launch phishing campaigns.
Hornetsecurity also highlighted a long-term trend, noting that email was a “consistent distribution channel” for cyberattacks in 2025. The number of emails containing malware increased by 131% year over year.
For everyday users and crypto investors alike, the message is clear: caution when dealing with email is more important than ever. Verifying senders, suspicious links, and attachments is no longer paranoia but a basic element of digital security—especially at a time when attackers are increasingly targeting cryptocurrencies.
Sources:
https://radar.cloudflare.com/year-in-review/2025#malicious-emails
https://www.barracuda.com/reports/2025-email-threats-report
https://www.hornetsecurity.com/us/blog/cybersecurity-report-2026-press-release/