2026 Email Threats Report Finds Attackers Adopting Stealthier Delivery Methods,
Underscoring Need for Integrated, Multilayered Email Protection

Key findings:

• AI‑driven social engineering and phishing‑as‑a‑service are accelerating attacker operations, driving an increase in both the volume and success rate of email attacks.
• Adversaries are shifting to stealthier delivery methods, including URL‑based payloads, QR‑code‑embedded documents and account takeover techniques that bypass traditional defenses.
• The research reinforces the need for integrated, multilayered email protection as part of a broader cyber resilience strategy, ensuring organizations can prevent, detect and recover from fast-moving threats.

India, May 13th, 2026 — Barracuda Networks, Inc., a leading global cybersecurity company providing complete cyber resilience made easy to buy, deploy and use for all size business, today released the 2026 Email Threats Report. New findings from Barracuda Research, the threat intelligence arm of Barracuda, show that AI‑driven social engineering and phishing‑as‑a‑service are accelerating both the volume and effectiveness of email attacks, enabling adversaries to scale credential‑phishing operations and increase the success rate of targeted campaigns.

The report also highlights a shift in attacker tactics, with threat actors moving from file‑based payloads to URL‑based delivery and embedding QR codes in trusted document formats to disguise malicious destinations. Attackers are further exploiting account takeover techniques to bypass traditional defenses and deliver highly convincing messages from compromised inboxes, underscoring the need for integrated, multilayered email protection.

Based on global telemetry collected in January 2026, Barracuda Research analyzed more than 3.1 billion emails, looking at malicious, spam or otherwise unwanted emails to quantify these trends and assess their impact on organizations worldwide. Findings include:

• 1 in 3 email messages are malicious or unwanted spam
• 48% of malicious email activity is phishing
• 34% of companies experience at least one account takeover incident every month
• More than 10% of HTML attachments are malicious
• 70% of malicious PDFs contain QR codes leading to phishing websites
• 90% of high-volume phishing campaigns used phishing-as-a-service kits

“Email is no longer just a communication channel — it’s the front line of identity, trust and business continuity,” said Merium Khalid, Director of SOC Offensive Security, Office of the CTO, Barracuda. “As attackers industrialize phishing with AI and phishing‑as‑a‑service, the future of defense must evolve just as quickly. Organizations that stay ahead will prioritize integrated email security layered with identity protection and automated response as part of a broader, resilience-driven strategy. When prevention, rapid detection and automated incident response work together, businesses can reduce risk, limit the impact of account compromise and maintain continuity even as threats accelerate.”

To read the full report, visit https://www.barracuda.com/reports/2026-email-threats-report.

About Barracuda
Barracuda is a leading global cybersecurity company delivering complete resilience made easy to buy, deploy and use through a partner-first model. Our intelligent BarracudaONE platform provides cyber resilience across email, data, applications, networks, and managed XDR within an open ecosystem. Trusted by hundreds of thousands of organizations and partners worldwide, Barracuda delivers industry-leading solutions and support, powered by people and enhanced by AI, for all size business.

Barracuda Networks, Barracuda, and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S., and other countries.