January 21, 2026

A quick look at some trends in the 2026 Sublime Email Threat Research Report
Our 2026 Sublime Email Threat Research Report is now live. Email threats continued to evolve rapidly throughout 2025, with attackers shifting from high-volume campaigns to precision-engineered attacks that exploit trust and organizational relationships. Our analysis of millions of messages reveals a threat landscape defined by sophistication, customization, and the strategic abuse of legitimate platforms.
Business email compromise and fraud attacks represented nearly 32% of all email threats in 2025 – the largest category by volume. What's particularly concerning is how these attacks have evolved beyond traditional cold outreach to exploit existing conversations and organizational context.
Thread hijacking and fake threads now comprise 28.1% of all BEC attacks, surpassing traditional email BEC. Attackers insert themselves into legitimate email threads, often through compromised accounts, creating the appearance of continuing authentic business discussions. The sender domain may be unfamiliar, but the context and conversation history appear genuine, making detection challenging for both humans and automated systems.
This faked context reduces friction for other tactics like spear phishing and VIP impersonation. With the aid of GenAI, attackers can quickly target key positions within organizations by spoofing realistic threads with the names and addresses of executive leadership, suggesting that targets are being included in ongoing conversations. For example, if a finance officer sees days of fabricated previous discussions regarding sending money for a purchase order, there's inherent trust that the activity is legitimate. This is compounded by GenAI's ability to review emails and documents to determine an impersonated employee's style, demeanor, and even nickname.
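The fake-thread pattern described above can be checked mechanically on the defender side. The following is an added example, not code from Sublime or from the report: it applies two heuristics to a constructed message, a "Re:" subject with no threading headers, and a quoted internal executive paired with an external live sender. The sample domains and the `internal_domains` set are assumptions.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample: a message that claims to be a reply and quotes an internal
# executive, but carries no threading headers and comes from a look-alike domain.
FAKE_THREAD = b"""From: "CFO Office" <cfo@example-corp-billing.test>
To: finance@example.com
Subject: Re: Re: PO 4471 wire approval
Message-ID: <1@example-corp-billing.test>
Content-Type: text/plain

Please release the wire today.

> From: CFO <cfo@example.com>
> Sent: Monday
> As discussed, finance can proceed once the PO is approved.
"""

QUOTED_FROM_RE = re.compile(r"^>\s*From:.*?<([^>]+)>", re.M | re.I)

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def fake_thread_indicators(raw: bytes, internal_domains: set) -> list:
    """Return heuristics suggesting the quoted conversation was fabricated."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = msg.get("Subject", "").lower()
    claims_reply = subject.startswith(("re:", "fw:", "fwd:"))
    # A genuine reply is threaded by the mail client; a pasted history usually is not.
    if claims_reply and not (msg.get("In-Reply-To") or msg.get("References")):
        findings.append("reply subject without In-Reply-To/References")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    sender_domain = domain_of(email.utils.parseaddr(msg.get("From", ""))[1])
    # Quoted history names an internal sender, but the live sender is external.
    for addr in QUOTED_FROM_RE.findall(text):
        if domain_of(addr) in internal_domains and sender_domain not in internal_domains:
            findings.append(f"quoted internal sender {addr} from external domain {sender_domain}")
    return findings
```

Neither heuristic is conclusive on its own (forwarded mail legitimately lacks In-Reply-To), so treat the findings as signals to combine with sender reputation and relationship history rather than as a verdict.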
QR code phishing surged dramatically throughout 2025, increasing 282.7% between H1 and H2. On top of that, our analysis showed that when a QR code was observed, it was 1.4x more likely to be an attack than a message without a QR code.
Attackers favor QR codes because they bypass traditional email security controls that analyze text and URLs, not images. Targets typically scan QR codes on personal phones, which operate outside corporate security controls. When combined with LOTS (Living Off Trusted Sites) techniques, QR codes represent one of the most simple yet sophisticated evasion methods, requiring computer vision to detect codes in cloud-hosted documents, link analysis to identify suspicious content, and mobile device security to block malicious URLs.
A significant development in 2025 was the rapid adoption of calendar invitations for delivering callback phishing attacks. In Q4 alone, over 20% of callback phishing attacks used calendar invites as a delivery mechanism.
These attacks exploit the fact that meetings are often automatically added to calendars when invitations are received. Cloud email providers often auto-add the message body and attachments to calendar events, creating a two-pronged, cross-channel attack with malicious payloads in both the calendar and inbox. Making this more dangerous, in cases where the phishing email is blocked, the meeting invite still reaches the target's calendar. Since calendar invites can bypass mail processing entirely, organizations need specialized detection capabilities that treat calendar systems as a first-class attack surface.
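Because the calendar part is what the calendar client ingests, detection has to inspect it directly rather than only the mail body. The following is an added example, not code from Sublime or from the report: it walks every MIME part of a constructed invite, unfolds the iCalendar properties, and pulls out the METHOD, organizer, phone numbers and URLs that a callback lure relies on. The sample message and the regexes are assumptions.

```python
import email
import re
from email import policy

# Constructed sample: the callback lure rides in the text/calendar part, which a
# calendar client ingests even when the mail body itself is quarantined.
INVITE = b"""From: billing@example-invoices.test
Content-Type: text/calendar; method=REQUEST

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
ORGANIZER:mailto:billing@example-invoices.test
SUMMARY:Renewal charge of $499 - call to cancel
DESCRIPTION:Your card was charged $499. To dispute call
  +1 (555) 010-4242 within 24 hours.
END:VEVENT
END:VCALENDAR
"""

PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")  # a phone number is the callback lure
URL_RE = re.compile(r"https?://\S+")

def unfold(ics: str) -> dict:
    # RFC 5545 folds long lines; a continuation line starts with a space or tab.
    props = {}
    for line in re.sub(r"\r?\n[ \t]", "", ics).splitlines():
        name, _, value = line.partition(":")
        props[name.split(";")[0].upper()] = value  # drop parameters such as ;CN=
    return props

def invite_indicators(raw: bytes) -> dict:
    # Inspect every calendar part, whether inline text/calendar or a .ics attachment.
    msg = email.message_from_bytes(raw, policy=policy.default)
    out = {"method": None, "organizer": None, "phones": [], "urls": []}
    for part in msg.walk():
        is_ics = (part.get_filename() or "").lower().endswith(".ics")
        if part.get_content_type() != "text/calendar" and not is_ics:
            continue
        ics = part.get_content()  # str for text/*, bytes for a binary attachment
        props = unfold(ics.decode("utf-8", "replace") if isinstance(ics, bytes) else ics)
        out["method"], out["organizer"] = props.get("METHOD"), props.get("ORGANIZER")
        text = " ".join(props.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION"))
        out["phones"] += PHONE_RE.findall(text)
        out["urls"] += URL_RE.findall(text)
    return out
```

A METHOD:REQUEST from an organizer the recipient has never corresponded with, combined with a phone number or URL in the event text, is the shape of a callback lure worth holding for review even when the surrounding mail looks benign.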
While it's not possible to identify AI-generated content with 100% accuracy, our analysis of key signals frequently found in AI-generated emails showed an upward trend with a significant increase to 19.29% in Q4 – up from just 4.21% in Q1.
This significant leap is likely due to both increased adoption of AI by attackers and the rapid iteration and evolution of AI attacks, which makes certain signals flare up and fade away. The rapidly iterative nature of AI attacks can be seen in how signals can suddenly appear and then quickly spike. Due to AI's ability to unlock attack evolution at speed and scale, organizations need email security tools that feature defensive agentic AI to keep pace.
Our research included mapping various evasion stacking methods – attacks that employ multiple evasion techniques simultaneously to maximize the likelihood of bypassing security controls. Our analysis reveals that 34.7% of all observed attacks employed two or more evasion techniques in the same campaign.
Some common stacking combinations include:
The strategic implication is clear: traditional layered security approaches that rely on blocking individual attack vectors are insufficient. Organizations need behavioral analysis that can detect social engineering patterns regardless of the technical delivery method.
While security teams are aware of abuse on major cloud platforms like Google Drive, OneDrive, and Dropbox, we saw a noticeable shift toward newer and more specialized LOTS attacks. Analysis revealed that 32.8% of observed email attacks leveraged uncommon or emerging platforms rather than well-known services.
These emerging platforms fall into several categories: page and form builders like Jotform and Typeform, customer support platforms like LiveAgent Desk, document and file sharing services like WeTransfer, and collaborative workspaces like Notion and Airtable. The surge in new services by startups, alongside the rise of AI-assisted content tools, has created a long tail of small providers that lack the resources to effectively police user-generated content.
The 2026 email threat landscape is defined by the exploitation of trust and the rapid pace of change in attacker tactics. Attackers are investing in context and, through context, exploiting trust at scale. Just as sophisticated actors target the trust invested in vendor relationships through supply chain compromises, phishing operators exploit trust in ongoing conversations through techniques like thread hijacking – all targeting the assumption that established relationships are inherently safe.
Organizations need to move beyond static defenses to deploy adaptive detection systems that can identify social engineering patterns regardless of technical delivery method. The combination of deterministic rules, machine learning models, and agentic AI provides the full-spectrum coverage needed to counter both established and emerging tradecraft in today's rapidly evolving threat landscape.
Read the full report for a deeper dive into the numbers and to get actionable recommendations for security practitioners.