IN Q1 2026, Microsoft Threat Intelligence detected 8.3 billion email-based phishing threats, with a decrease in volume from January to March. Notably, QR code phishing saw a 146% increase, becoming the fastest-growing attack vector. Credential phishing dominated the payload landscape, rising to 94% of total malicious payloads. Business email compromise (BEC) attacks totaled 10.7 million, primarily involving generic outreach messages.
The Tycoon2FA phishing-as-a-service platform was significantly disrupted, leading to a 15% decrease in associated email volume post-action. New trends included CAPTCHA-gated attacks and the evolution of delivery methods for different payload types. Key recommendations for organizations include user training, monitoring settings, and implementation of advanced security tools to mitigate these threats.