As 2025 comes to a close, we reflect on key events in the email and collaboration industry, and how they are shaping the future of email. We also discuss how our products have evolved, and what’s in the works for 2026.

Microsoft Ends Support for Exchange 2016 & 2019

In 2025, Microsoft ended support for Exchange 2016 and 2019 and released Exchange Server Subscription Edition (SE). This has many businesses looking for alternatives such as MDaemon to save money.

Consider the cost of Microsoft Exchange SE for one year. For 50 users, including server license and CALs, costs can reach over $10,000.

For MDaemon Email Server, the costs are substantially lower, at around $2400 for 50 users, including MDaemon AntiVirus, ActiveSync, and MDaemon Connector for Outlook.

Email Scams in 2025: Top Threats and Evolving Phishing Tactics

Cybercrime by Email Is Costlier Than Ever: Cybercriminals continue to exploit email as a prime attack vector in 2025, resulting in record financial losses worldwide. The FBI reported over $16 billion in victim losses from internet-enabled crimes in 2024 (a 33% jump from 2023), and globally the toll is staggering - one survey estimates $1.03 trillion lost to scammers in 2024 alone. 

Let’s dive into the worst email-driven scams of 2025 by financial impact, examine the most prevalent phishing techniques, and highlight emerging scam tactics (from generative AI to deepfakes) that business owners and cybersecurity professionals should be aware of.

The Costliest Email Scams of 2025 (By Money Lost)

Email remains a favored channel for fraud, enabling everything from investment swindles to business invoice fraud. Below are the top email-related scam categories of 2025, ranked by the total amount of money stolen, along with who is being targeted:

1. Crypto Investment (“Pig Butchering”) Scams - Highest Losses (over $6.5 Billion): Investment scams involving cryptocurrency led all cybercrime losses in 2024, netting over $6.5 billion reported by victims in the U.S. alone. A prevalent scheme is so-called “pig butchering,” where scammers groom victims (often via email or text) into fake crypto investments on phony platforms. These scams primarily target individuals with promises of big returns; victims are enticed into investing more and more, only to find the “investment” was a fraud. Many victims incur massive personal debts in the process. Notably, over 90% of the investment scam losses involved cryptocurrency, and middle-aged adults (40-49) were heavily targeted. This category tops the list in financial damage and highlights how phishing emails continue to lure people into bogus investment sites.
   
   
2. Business Email Compromise (BEC) - Billions Lost in Wire Fraud: BEC scams (a.k.a. CEO fraud or email invoice scams) continue to target businesses. In 2024, BEC was responsible for roughly $2.7-2.8 billion in reported losses in the U.S. - making it the second-costliest internet crime after investment fraud. Globally, the accumulated losses from BEC over the past decade exceed $55 billion. In a typical BEC scheme, fraudsters either hack or spoof a legitimate business email account and then send convincing messages to employees or partners to redirect payments. For example, an attacker might impersonate a CEO or vendor and urgently request a wire transfer to a new account under their control. Businesses (from large corporations to small firms) are the primary victims, though individuals involved in high-value transactions (like real estate buyers) are also targeted. The average fraudulent transfer request in BEC scams was around $80,000+ in early 2025, and a single successful scam can steal six- or seven-figure sums in minutes. With such high payouts, it’s no surprise BEC remains a pervasive threat reported by 63% of organizations in a recent survey.
   
   
3. Tech Support and Government Impersonation Scams - $1.8 Billion (Combined): Scammers posing as tech support agents or government officials also extracted enormous sums, disproportionately from individuals (especially seniors). In 2024, the FBI tallied over $1.8 billion in losses from tech/customer support fraud and government impersonation scams. These scams often start with an unsolicited email or pop-up claiming there’s a problem - “Your computer is infected” or “Action needed for unpaid taxes.” The email urges the recipient to call a number or click a link, which leads to fake support centers. Fraudsters then convince victims to pay “fees” or grant remote access, resulting in drained bank accounts or identity theft. Many call-center scam operations (often overseas) use these tactics at scale, and they prey on trust and fear - victims are told they face computer crashes, legal trouble, or fines unless they act immediately. Notably, about 40% of those reporting tech support/government impersonation scams to the FBI were over 60, and this older group incurred 64% of the losses - showing how heavily scammers target the elderly with such email-driven hoaxes.
   
   
4. Romance & “Heartstrings” Scams - $1.3 Billion+: Scams that develop an emotional connection - often via dating sites, social media, and email - continued to cause major losses in 2025. The U.S. Federal Trade Commission reported romance scam losses topping $1.3 billion in 2024, and this trend continues to evolve. In these scams, criminals assume fake identities and strike up online relationships, only to eventually ask for money (for an “emergency,” “investment opportunity,” travel costs, etc.). Victims range from young adults to retirees, but a large number are older adults who may be more isolated or trusting online. Scammers commonly move the conversation to private email or messaging and spend weeks gaining the victim’s confidence (“grooming” them) before making any requests. By the time the plea for money comes, the victim believes they are helping someone they genuinely care about. With the rise of AI, some romance scammers even use chatbots and stolen photos/videos to maintain 24/7 believable contact. The result is staggering - individual victims have been conned out of tens or even hundreds of thousands of dollars, adding up to a billion-dollar problem globally.
   
   
5. Honorable Mention: Phishing and Spoofing Emails (General) - While not one specific scam, phishing emails deserve mention as the most common complaint by volume. In 2024, phishing/spoofing was the #1 reported internet crime type with over 193,000 incidents reported to the FBI. These run the gamut - fake bank alerts, email login scams, “you’ve won a prize” lures, etc. - and often serve as the entry point to the major frauds above. The human cost is also severe: online extortion emails (e.g. sextortion scams demanding payment) were the #2 most reported complaint type in 2024. In short, phishing underlies many larger attacks, even if the direct dollar loss per phishing email is usually small compared to categories like BEC or investment fraud.

Common Email Phishing Techniques in 2025

Cybercriminals in 2025 continued to refine a core set of phishing techniques to compromise accounts, deliver malware, or socially engineer victims. Below are the most prevalent types of email phishing attacks and how they typically work:

• Credential Harvesting Phishing: The classic phishing email aims to steal usernames, passwords, or other sensitive credentials. Attackers impersonate a trusted entity (your IT department, Microsoft 365, a bank, popular apps) and urge the recipient to click a link to fix an issue or view a document. The link leads to a spoofed login page that looks legitimate but sends any entered credentials straight to the attackers. For example, a victim might receive an email saying “Your account was compromised, log in here to verify your identity,” with a link to a fake Office 365 sign-in page. Once the user enters their password, the scammer captures it and often immediately attempts to access the real account. These credential-stealing schemes are extremely common because they’re easy to mass-distribute and prey on trust in familiar brands. In fact, phishing emails (including credential harvesters) remain ubiquitous and effective - they’re implicated in 80-95% of cybersecurity breaches according to industry reports. The best defenses include robust email filtering, user education to spot signs of spoofing, and encouraging the use of multifactor authentication (so a password alone isn’t enough for attackers).
  
  
• Malware Delivery via Email (Attachments and Links): Phishing emails are also a primary vehicle for malware infection. Here, the email might masquerade as something enticing or urgent - a shipment notice, an invoice, a resume, or even a security update - and it carries a malicious attachment or link. Common payloads in 2025 include ransomware, banking Trojans, spyware, and keystroke loggers. For instance, an attacker might send a bogus “payment due” invoice to a company’s finance team; the attached PDF or Word document is weaponized (e.g. with a macro or exploit) that, when opened, quietly installs malware on the victim’s system.

Note: Both MDaemon AntiVirus and SecurityGateway include a feature that blocks or quarantines Microsoft Office documents containing macros.

• Business Email Compromise (BEC) & Invoice Fraud: BEC attacks have earned a reputation as being among the costliest of attacks. Rather than stealing passwords or planting malware, BEC is a social engineering strategy: the attacker’s goal is to impersonate a trusted person (often by sending emails from a spoofed or actually compromised account) and convince the target to send money or sensitive data. Techniques include sender spoofing (crafting an email address nearly identical to the real one, or using a lookalike domain) and account takeover (hacking an executive or vendor’s actual email account to email colleagues). A common ploy in 2025 is invoice fraud - where the scammer compromises a vendor’s email, then sends a routine-looking invoice to a business customer with updated bank account details, funneling the payment to the criminal’s account. Since the email comes from the real vendor’s account or an extremely convincing copy, employees often don’t realize the account info was changed. Another variant is payroll diversion: HR staff get an email seemingly from an employee or executive asking to update direct deposit information - it’s actually a fraudster’s account. BEC emails are typically highly targeted (spear phishing) and may have no dodgy links or attachments, making them harder to detect technically. Instead, they rely on urgent, believable requests. As noted, the financial fallout is huge (average wire transfer requests in these scams are in the tens of thousands of dollars). To defend against BEC, organizations are implementing verification steps for fund transfers (e.g. callbacks or secondary approvals) and training staff to be suspicious of any payment-change requests that arrive via email alone.

Learn more: How to Protect Against Business Email Compromise

• Phishing for Information (Fraudulent Requests): Not all phishing seeks passwords or money upfront; some emails aim to collect personal data or other information that can enable future fraud. Scammers might send emails posing as a bank or government agency asking victims to “verify your identity” by emailing back copies of ID documents, Social Security numbers, etc. Others impersonate HR or IT to get employees to reveal internal info. A notable example is the W-2 scam that has circulated in recent years: payroll departments receive emails purportedly from the CEO/CFO requesting copies of all employees’ tax forms or personal data, which the scammer then uses for identity theft or tax refund fraud. These impersonation phishing attacks blend elements of BEC and classic phishing, and the “payload” is the sensitive data victims hand over. In 2025, the U.S. FTC observed impersonation scams were one of the most common fraud types, increasingly initiated via email or text instead of phone, as scammers find it efficient to cast a wide net with imposter emails, then follow up by phone once someone takes the bait.
  
  
• Extortion and Sextortion Emails: A persistent phishing technique in 2025 is the extortion email, where scammers claim to have compromising information or hacked footage of the recipient and demand payment (often in cryptocurrency) to keep it secret. One widespread variant is the “sextortion” email: the scammer alleges they infected the victim’s computer and recorded them via webcam, threatening to send an embarrassing video to all contacts unless a ransom is paid. In reality, the claims are false - the scammers often use old leaked passwords in the email to appear credible (“I know your password is XYZ123, proof I hacked you”). Despite being a bluff, enough people are frightened into paying that sextortion spam continues in huge volumes. These emails typically demand a few hundred dollars, so the per-victim losses are smaller, but it’s a numbers game for cybercriminals. Another extortion theme seen in emails is threats of harm or DDOS attacks to a business unless payment is made. Cybersecurity pros advise never paying extortion emails and instead reporting them; technical measures like email filtering and DMARC can block many of these spoofed messages before they reach inboxes.

Emerging Email and Phishing Scam Trends in 2025

As defenses improve, attackers adapt. In 2025 we’ve seen cybercriminals embrace new technologies and tactics - especially generative AI and deepfakes - to enhance their phishing and fraud campaigns. Here are some of the notable emerging trends in email scams and phishing:

• AI-Generated Phishing (Smarter, More Convincing Scams): The explosion of generative AI tools has armed scammers with new capabilities. They can now create polished, personalized phishing content at scale. For instance, AI chatbots can draft emails in fluent, context-aware language - making the old telltale signs of phishing (poor grammar, odd phrasing) less reliable. According to security researchers, attackers in 2025 have been using AI-powered services to clone the look and feel of legitimate websites within minutes. These tools can replicate a company’s login page or invoice portal (complete with branding and legal disclaimers), enabling highly convincing credential-harvesting sites. On the email content side, AI can customize phishing messages to each victim by scraping public info (like LinkedIn data) and mirroring communication styles. The result is phishing emails that sound remarkably authentic and targeted, reducing suspicion. We’re also seeing AI-written malware code and polymorphic phishing kits that constantly tweak themselves to evade detection. The bottom line: AI is helping cybercriminals scale up phishing campaigns in volume and sophistication, forcing defenders to rely more on behavioral detection and user vigilance than on spotting simple errors.
  
  
• Deepfakes and Synthetic Identity Impersonation: Perhaps the most startling new twist in phishing-related scams is the use of deepfake technology - AI-generated voices, images, and videos - to impersonate trusted people. What was once science fiction is now real: criminals have cloned CEOs’ voices and even created fake video calls to bolster their email scams. This is an evolution of BEC fraud sometimes termed “BEC 2.0.” In one 2025 case, scammers targeted a UK advertising firm (WPP) by replicating the CEO’s voice on a fake Microsoft Teams call, instructing employees to hand over credentials and authorize fund transfers. Hearing what sounds like your boss’s voice or seeing a familiar face in a video can override doubt - making employees far more likely to comply. The FTC and FBI have warned of a 1,000%+ increase in deepfake abuses in the past year. To counter this trend, businesses are starting to implement verification protocols (e.g. callback the person on a known number, or require in-person meeting for large transactions) when something about a request seems off, even if the voice or video appears legitimate.
  
  
• “Quishing” - QR Code Phishing: A newer trick in 2025 is the abuse of QR codes in phishing campaigns (dubbed “quishing”). Scammers embed malicious QR codes in emails and other media, knowing that automated email scanners often can’t read QR images and thus won’t flag the malicious link hidden behind them. The scale of QR phishing is growing fast: one security report noted over 7 million malicious QR code URLs were detected in late 2024 to early 2025.

Note: Both MDaemon and SecurityGateway include QR code detection to protect users from malicious QR codes.

• Multi-Stage & Multi-Channel Scams: Email scams in 2025 are increasingly part of blended attacks that span multiple channels and stages. A single scam might involve an initial phishing email, followed by phone calls, text messages, or even live chats to further manipulate the victim. For example, fraud recovery scams target people who already fell victim once - the scammers send an email posing as a law enforcement or recovery service offering to help get the money back, then direct the victim to a phone call where the con artists (for a “fee”) supposedly facilitate the recovery. Another example is tech support scams: the initial hook might be an email warning about a computer virus, and when the worried user calls the provided number, a call-center scammer takes over. The key trend is that criminals treat phishing as one step in a longer process. Imposter scams also have become collaborative - one scammer might target you with a fake invoice email, and when you reply or seem interested, they hand off to a partner who calls you pretending to be a customer support rep to “help” you through the (fraudulent) payment. This compartmentalization makes detection harder.
  
  
• Bypassing MFA and Advanced Evasion: As more organizations deploy multi-factor authentication (MFA), phishers have not been deterred - 2025 has seen growth in phishing techniques that bypass MFA. So-called adversary-in-the-middle (AiTM) attacks use fraudulent proxy websites to intercept not only the victim’s password but also the temporary MFA code or session token, letting the attacker hijack the session in real time. Phishing-as-a-service kits like EvilProxy and others now make these sophisticated man-in-the-middle attacks available to less-skilled scammers. In practice, a user may receive a very legitimate-looking login link (often through email) - it forwards to the real site after capturing credentials, so the user does log in successfully, unaware that the attacker is silently riding their session. Similarly, some attackers resort to MFA fatigue (sending repeated push notifications to annoy a user into approving a false login).

As you can see, the 2025 threat landscape for email scams is a mix of the familiar and the cutting-edge. Classic phishing and BEC schemes are as prevalent as ever - and are raking in unprecedented sums from both individuals and companies - while new twists like AI-crafted scams and deepfake impersonations add another layer of deception.

New Security & Administration Features added to MDaemon & SecurityGateway

At MDaemon Technologies, our developers continue to enhance our products with new security features to combat the evolving phishing landscape, while adding new administrative features to make email and collaboration management easier. Here’s a summary of what we’ve added in 2025.

MDaemon 25

• QR Code Detection
• Long-press contextual menus for mobile devices

MDaemon 25.5

• Web conferencing
• Send-as permissions
  
  
  
  SecurityGateway 11

• OAUTH for Microsoft 365 integration
• AI Email Classification
  
  

New Email Security and Administration Features Planned for 2026

Looking ahead over the following year, here’s a sneak peek at what’s on the roadmap.

Coming Soon to MDaemon

• OIDC support to facilitate single sign-on for MDaemon Webmail & Remote Administration
• Rejected message report
• The ability to filter messages that fail DMARC
• Improved attachment restrictions
• Service recovery options

New MDaemon Webmail Features Coming Soon

• Invite external users to web conference
• Record web conferences
• Transfer files in web conference
• Single Sign-on via OIDC

Coming Soon to SecurityGateway

• Restrict administrator access by IP
• Classify attachments by content
• Google Workspace user verification
• Enhanced display name protection
• Restrict domain admin access
• Use Windows OCR

As we forge ahead into 2026, we will continue to evolve and adapt to the continuously changing email messaging and security landscape. Is there a specific feature you’d like to see in a future version of MDaemon or SecurityGateway? Let us know in the comments section below!