2026 Threat Forecast: Top Attacks Set to Increase Enterprise Exposure

Attackers are exploiting trust, identity, and routine workflows. Get an in-depth look at the tactics and techniques threat actors will be refining in 2026.

Callie Baron, Piotr Wojtyla

January 21, 2026


In every organization, from sole proprietors to global conglomerates, email serves as the primary communication channel for business operations—and the most reliable entry point for threat actors.

What makes email particularly effective for attackers isn’t just its ubiquity, but its direct access to the human element. Employees must constantly engage with the inbox, creating countless opportunities to exploit psychology, familiarity, and routine behavior through seemingly benign interactions. This dynamic rewards cybercriminals who can convincingly operate within legitimate correspondence rather than outside it.

Read on to learn about some of the sophisticated threats we anticipate escalating in the coming year and explore real-world examples of attacks Abnormal customers received in 2025.

Multi-Stage QR Code Phishing

During the first part of the decade, malicious QR codes seemed to be everywhere, and threat actors went all in on QR code phishing attacks. Initially, these attacks relied on simple pretexts and involved minimal steps. Typically, threat actors sent a single email containing a malicious QR code that, when scanned, led the target directly to a fake login page—often an impersonated Microsoft or Google portal—with a prompt to enter their credentials.

But over the past year or two, threat actors have begun utilizing malicious QR codes in considerably more complex ways. Multi-stage QR code phishing incorporates additional steps into the attack flow to better support the appearance of legitimacy and evade detection. Moreover, whereas traditional QR code phishing attacks primarily revolved around fraudulent multi-factor authentication expiration notices and shared document notifications (which at one point accounted for nearly 50% of all QR code attacks detected by Abnormal), multi-stage QR code phishing attacks leverage a variety of pretexts.

Thus, by the time targets reach the credential harvesting page, they've been conditioned through multiple interactions to trust the workflow. Often, the final page also includes sophisticated personalization, such as company branding or pre-populated email addresses. This layered approach not only minimizes the target’s suspicions but also helps attackers bypass security controls that may flag direct redirects to known malicious domains.

Real-World Example of Multi-Stage QR Code Phishing

In this attack, the threat actor initiates contact by submitting an information request via a form on the targeted organization’s website. That submission prompts a legitimate employee to reach out, creating a real thread the attacker can then exploit.

[Screenshot 1: Multi-Stage QR Code Phishing]

In their reply, the attacker assumes the identity of a vendor-side representative. The message presents a pretext related to a request for quote (RFQ) and adds end-of-quarter urgency, encouraging the recipient to prioritize the request. To increase the appearance of legitimacy, the threat actor uses a recently registered look-alike domain and incorporates official-looking branding, a corporate address, and professional signature elements.

[Screenshot 2: Multi-Stage QR Code Phishing]

The attacker instructs the recipient to scan a QR code “using your phone’s camera” to access the supposed RFQ specifications. This shifts the interaction to a mobile device outside corporate email protections and bypasses link-scanning controls.

When scanned, the QR code redirects the victim to a “Verify you are human” page. The final URL includes the target’s email address as a path component, indicating the flow is personalized and likely used to prefill downstream content.

[Screenshot 3: Multi-Stage QR Code Phishing]

After this verification step, the target is presented with a branded login page mimicking the company’s authentication portal. The page displays the correct email address already prefilled and requests a password, positioning the attacker to harvest credentials if the target submits their information.
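The personalization signal described above (the recipient's address carried in the QR code's destination URL) can be checked automatically once the QR image has been decoded. The example below is added here and is not Abnormal's code; it assumes the decoded URL and the recipient address are already available, and it goes slightly beyond the page by also checking query values and percent- or base64-encoded forms of the address.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")


def _decode_candidates(token):
    """Yield the token as-is, percent-decoded, and base64-decoded when it decodes cleanly."""
    yield token
    yield unquote(token)
    padded = token + "=" * (-len(token) % 4)
    for decoder in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            yield decoder(padded).decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
            pass


def embedded_recipient(url, recipient):
    """Return the URL component that carries the recipient's address, or None.

    Every path segment, query value and the fragment is inspected, so a landing
    page that prefills the login form from the URL is flagged regardless of how
    the address was encoded into it.
    """
    parts = urlsplit(url)
    tokens = [seg for seg in parts.path.split("/") if seg]
    tokens += [pair.split("=", 1)[1] for pair in parts.query.split("&") if "=" in pair]
    if parts.fragment:
        tokens.append(parts.fragment)
    for token in tokens:
        for candidate in _decode_candidates(token):
            if EMAIL_RE.match(candidate) and candidate.lower() == recipient.lower():
                return token
    return None
```

A hit means the lure was built for this specific recipient, which is worth surfacing to the user and to the SOC even when the destination domain has no reputation yet.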


Thread-Spoofed Vendor Impersonation

In thread-spoofed vendor impersonation attacks, threat actors use fabricated email threads that appear to be legitimate correspondence between a vendor and an internal employee to establish a believable pretext. The attacker inserts the fake message chain into their initial email to act as supporting evidence that validates the authenticity of their inquiry, which is usually related to a financial workflow—such as updating bank details or resolving an overdue invoice. In the thread, the impersonated employee grants permission to proceed with the impersonated vendor’s request.

Typically, the employee the attacker is posing as is an authority figure, which creates pressure to comply, and the fictitious exchange is specific enough to feel relevant but also generic enough to avoid accidentally creating flags that indicate the request is fraudulent. To create a semblance of authenticity, attackers commonly use look-alike domains and, when possible, leverage compromised legitimate domains to bypass blocklists. They will also include fabricated documentation, such as doctored invoices and even altered tax forms, to deceive targets into completing the transaction.

Real-World Example of Thread-Spoofed Vendor Impersonation

At its core, thread-spoofed vendor impersonation is quintessential social engineering. It exploits human psychology, relies on the imitation of trusted parties, and leverages a convincing pretext to manipulate the target into making a harmful decision. The example below is an excellent demonstration of these elements in action.

Sent from a compromised legitimate address, the message purports to be from ZoomInfo, a well-known business intelligence platform, and uses a subject line that appears as a forward (Fw: Prospect Intelligence Platform – Discover Hidden Opportunities). The attacker informs the target that the CEO, “P.Z.,” has asked them to send an outstanding invoice for payment and invites the recipient to “Please see the conversation below for more details.”

[Screenshot 5: Thread-Spoofed Vendor Impersonation]

As is typical of thread-spoofed vendor impersonation attacks, the phrasing is vague and oriented toward immediate payment. The body emphasizes urgency with phrases like "We aim to resolve this matter promptly to ensure the payment is processed as soon as possible" and "We appreciate your prompt attention to this to avoid any service interruptions." The attack included two attachments: an invoice requesting nearly $50,000 via ACH payment and a W-9 form presented as vendor verification.

Should the target proceed with processing the invoice, they will unknowingly transfer tens of thousands of dollars directly to the threat actor.
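Two properties of the thread-spoofed message above can be checked mechanically: a "forwarded" conversation that has no threading headers because it is really the first message, and a sender domain that imitates a known vendor. The example below is added here and is not Abnormal's code; the sample message, the vendor allowlist and the similarity threshold are constructed assumptions.

```python
import email
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

KNOWN_VENDOR_DOMAINS = {"zoominfo.com"}  # assumed allowlist of real vendor domains

# Constructed sample: a first-contact message whose body carries a fabricated
# "conversation below" in which an executive appears to approve the payment.
SAMPLE_THREAD_SPOOF = """From: "Accounts Receivable" <billing@zoom-info.example>
To: ap@victim.example
Subject: Fw: Prospect Intelligence Platform - Outstanding Invoice

Hi, our CEO has asked me to send the outstanding invoice for payment.
Please see the conversation below for more details.

From: P.Z. <ceo@victim.example>
To: Accounts Receivable
Subject: RE: Outstanding Invoice
Approved, please process this as soon as possible.
"""

QUOTED_HEADER = re.compile(r"^(From|Sent|To|Subject):", re.MULTILINE)
FORWARD_SUBJECT = re.compile(r"(?i)^\s*(fw|fwd|re):")


def lookalike_of(domain, known=KNOWN_VENDOR_DOMAINS, threshold=0.8):
    """Return the known vendor domain a near-miss domain imitates, else None."""
    domain = domain.lower()
    if domain in known:
        return None  # exact match: the real vendor
    label = domain.split(".")[0].replace("-", "")  # 'zoom-info' -> 'zoominfo'
    for k in known:
        if SequenceMatcher(None, label, k.split(".")[0]).ratio() >= threshold:
            return k
    return None


def thread_spoof_indicators(raw):
    """Return the indicators found in one RFC 822 message; empty means none."""
    msg = email.message_from_string(raw)
    first_contact = not (msg.get("In-Reply-To") or msg.get("References"))
    flags = []
    if first_contact and FORWARD_SUBJECT.match(msg.get("Subject", "")):
        flags.append("forward/reply subject on a message with no threading headers")
    if first_contact and len(QUOTED_HEADER.findall(msg.get_payload())) >= 3:
        flags.append("quoted header block embedded in a first-contact message")
    near = lookalike_of(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if near:
        flags.append(f"sender domain imitates {near}")
    return flags
```

A genuine reply in an existing thread carries In-Reply-To or References and so produces no thread-related flags; only the domain check applies to it.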


AI-Generated Payroll Fraud

Payroll fraud is a form of business email compromise (BEC) in which threat actors impersonate employees to redirect paychecks to attacker-controlled bank accounts. These attacks exploit human trust and payroll processes rather than technical vulnerabilities, typically beginning with a message to HR or payroll teams, falsely claiming a need to update direct deposit information, often under the guise of urgency or confidentiality. Because the emails contain no links or attachments to analyze, have no obvious spelling or formatting errors, and closely resemble legitimate internal communications, they often evade both traditional security controls and employee suspicion.

Generative AI has further amplified the effectiveness of these threats by automating both reconnaissance and execution. Attackers can quickly identify the appropriate target, determine which employee to impersonate, and tailor messages to specific organizational roles using AI-driven research tools. They then use generative AI to craft highly personalized, grammatically flawless emails that mirror an individual’s tone and communication patterns. The resulting impact is immediate and personal: diverted wages may go unnoticed until a missed paycheck, while organizations face reputational harm, erosion of internal trust, and potential regulatory consequences.

Real-World Example of AI-Generated Payroll Fraud

The attack begins with a simple, text-only email sent from a compromised legitimate account. While the sender address itself is unrelated to the organization, the attacker obscures this mismatch by setting the display name to a Senior Vice President at the target company. This subtle manipulation creates the illusion of an internal executive reaching out directly to payroll, immediately establishing authority and familiarity. The subject line, “PAYROLL UPDATE,” paired with a personalized greeting, further signals relevance and increases the likelihood of engagement.

[Screenshot 6: AI-Generated Payroll Fraud]

The pretext centers on a routine administrative task: the supposed executive claims to have recently changed banks and asks for help updating direct deposit information. This exploits a common, low-friction business process that payroll staff regularly handle, making the request appear normal and non-urgent on the surface.

To advance the fraud, the attacker asks the recipient to send a Direct Deposit Authorization Form as an attachment. This shifts the burden of initiating the process to the target and keeps the interaction within normal payroll procedures. It also gives the attacker a straightforward way to submit fraudulent banking details under the guise of standard documentation.

The email closes by asking when the updated deposit information will take effect, signaling intent to synchronize the change with an upcoming payroll cycle. The message is concise, polite, and free of contextual specifics—traits consistent with AI-generated, reusable templates designed to blend seamlessly into everyday payroll communications.
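The payroll example above has no link or attachment to scan, so the detectable signal is the mismatch between the display name of an internal executive and an unrelated sending address, combined with a request to change direct deposit details. The example below is added here and is not Abnormal's code; the organization's domains, the executive directory and the keyword list are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed organization data (constructed): its own mail domains and the
# executives whose names are attractive for display-name impersonation.
ORG_DOMAINS = {"victim.example"}
EXECUTIVES = {"Jane Doe": "jane.doe@victim.example"}
PAYROLL_CHANGE = re.compile(r"(?i)direct deposit|payroll|changed banks|bank(ing)? (details|information)")


def normalize_name(name):
    """Make 'Doe, Jane', 'JANE DOE' and 'jane doe' compare equal."""
    return " ".join(sorted(re.sub(r"[^a-z ]", " ", name.lower()).split()))


DIRECTORY = {normalize_name(n): a for n, a in EXECUTIVES.items()}


def assess_payroll_request(from_header, subject, body):
    """Return (risk, reasons) for one text-only message sent to payroll or HR."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    reasons = []
    expected = DIRECTORY.get(normalize_name(display))
    if expected and addr != expected:
        origin = "external" if domain not in ORG_DOMAINS else "internal but not that person's"
        reasons.append(f"identity: display name matches {expected}, sending address is {origin} ({addr})")
    if PAYROLL_CHANGE.search(f"{subject} {body}"):
        reasons.append("content: request to change direct deposit or banking details")
    kinds = {r.split(":", 1)[0] for r in reasons}
    # Identity mismatch plus a banking change is the BEC pattern; either alone is worth a callback.
    risk = "high" if kinds == {"identity", "content"} else ("medium" if kinds else "low")
    return risk, reasons
```

A medium result on a genuine executive's request is intentional: a direct deposit change is routine, but it still deserves out-of-band confirmation before the form is processed.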

Defending Against New and Emerging Threats

The potency of these threats lies in their ability to seamlessly blend into normal business activity. By impersonating known contacts, leveraging compromised accounts, and weaponizing trusted platforms, attackers generate messages that are structurally and contextually consistent with ordinary enterprise communication, eroding the reliability of traditional indicators of compromise.

The result is a threat landscape in which conventional security solutions, such as legacy secure email gateways, struggle to distinguish malicious intent from authorized activity. Built to identify known indicators and overtly suspicious signals, these tools are ill-suited to stop attacks designed to appear routine, credible, and contextually appropriate. Closing this gap requires AI-native defenses that understand identity, behavior, and context across interactions and automatically detect anomalies, rather than relying on predefined rules or static signals.

For even more insights into the emerging threat landscape, download our report, 2026 Threat Outlook: 5 Email Attacks You Need to Know.

