Microsoft Outlook, Gmail increasingly targeted in phishing attacks

More than 90% of phishing intrusions between July and September have been aimed at Microsoft Outlook and Gmail inboxes, with threat actors increasingly weaponizing trusted platforms to facilitate compromise, according to GBHackers News.

Moreover, almost a third of spam campaigns during the same period have been linked to Outlook, Gmail, and other free email services, findings from VIPRE's Q3 2025 Email Threat Report revealed. Researchers also found that over 90% of phishing links employed open redirects that exploited legitimate domains' reputation.

Threat actors also sought to better conceal intrusions by renting U.S.-based servers, with such systems accounting for over 60% of all spam emails. Meanwhile, business email compromise intrusions remained the leading threat category after accounting for more than half of all nefarious emails during the third quarter.

Sixty-three percent of all attempted BEC attacks involved impersonation techniques, with CEOs being the most spoofed individuals, followed by IT staff and HR departments.