One in three emails today is either unwanted or malicious, according to a new report from Barracuda Networks. At the same time, AI and “phishing-as-a-service” are driving a sharp rise in sophisticated phishing campaigns and account takeovers.
The 2026 Email Threats Report reveals that both the scale and effectiveness of phishing attacks are increasing. A key factor is phishing-as-a-service, which is used in 90 percent of large-scale campaigns. Combined with AI-driven social engineering, this enables attackers to operate more systematically while improving their chances of success.
Attackers change tactics
Attack methods are evolving. Rather than relying on traditional attachments, attackers increasingly use links embedded in documents or delivered via QR codes that redirect to malicious websites. The report finds that 70 percent of malicious PDF files contain QR codes linking to phishing pages.
Attackers are also making greater use of compromised email accounts. By sending messages from legitimate senders, they can bypass many security controls and increase the likelihood that recipients will trust the content.
At the same time, 34 percent of organizations report experiencing at least one account takeover each month.
The analysis is based on global data from January 2026 and covers over 3.1 billion emails. Key findings include:
• One in three emails is malicious or unwanted spam
• 48 percent of all malicious email is phishing
• 34 percent of organizations experience at least one account takeover per month
• More than 10 percent of HTML attachments are malicious
• 70 percent of malicious PDF files contain QR codes that lead to phishing sites
• 90 percent of large phishing campaigns use phishing-as-a-service
Email remains a central tool
“Email is no longer just a communication channel; it is central to how identities are managed, trust is built and businesses operate,” says Merium Khalid, Director of SOC Offensive Security, Office of the CTO at Barracuda Networks.
“As attackers industrialize phishing using AI and service-based tools, defenses must evolve at the same pace. Organizations that stay ahead prioritize integrated email security alongside identity protection and automated responses as part of a broader strategy to resist attacks.”
“When preventive measures, rapid detection and automated incident response work together, companies can reduce risk, limit the impact of compromised accounts and maintain operations even as threats increase.”
AI and phishing-as-a-service reshape the threat landscape
Growing use of AI in cybercrime makes phishing attacks more convincing, automated and harder to spot. Previously, spelling mistakes, generic phrasing and poor language use often revealed scams. With generative AI, attackers can now craft professional, customized emails in multiple languages with high precision.
Phishing-as-a-service also enables less technically skilled actors to carry out sophisticated attacks. Ready-made platforms sold on criminal forums provide phishing kits, automated campaign tools, fake login pages and mechanisms to evade security filters.
This trend means companies must strengthen protections around identities, cloud services and email platforms such as Microsoft 365 and Google Workspace. Security experts highlight that Zero Trust strategies, multi-factor authentication and AI-based threat detection are increasingly important to reduce risk.
What this means for Swedish organizations
For Swedish businesses, the shift means email security can no longer be treated as an isolated IT issue. As AI automates social engineering and phishing, organizations need integrated security platforms, continuous monitoring and ongoing user training.
Public sector bodies, financial institutions, educational organizations and healthcare providers are particularly vulnerable, as they handle large volumes of identity data and critical business information daily.
What this means for MSPs in the Nordics
For managed service providers and security partners in the Nordics, demand is rising for managed detection and response, SOC services, identity protection and automated incident management. Companies increasingly seek comprehensive solutions that combine email security, AI-driven analysis and account takeover protection.
This growing need also creates new business opportunities for cybersecurity and managed service vendors.
Risks and opportunities
Risks include more frequent cyber incidents, identity theft, operational downtime and financial fraud. At the same time, organizations that invest in modern cybersecurity, automation and AI-driven defenses can gain a competitive advantage.
Companies that take a proactive approach to security strategy and identity protection are likely to be much better positioned as the threat landscape continues to evolve.
Read the report here»