Email threats in 2026: How AI and phishing-as-a-service are changing the game – by Barracuda

A data-driven look at the attacker tactics reshaping email security—and how to strengthen defenses against deception and identity compromise

Key takeaways

• Email threats in 2026 are increasingly driven by AI and phishing-as-a-service, making attacks more sophisticated and accessible.
• Impersonation and identity compromise are at the forefront, with phishing accounting for nearly half of all malicious email activity.
• Attackers are shifting tactics by using URLs, QR codes, and HTML files to evade traditional security solutions, requiring new detection strategies.
• Account takeover incidents are becoming more common, emphasizing the need for rapid detection, automated response, and layered defenses.
• Organizations must prioritize inspecting HTML attachments and securing QR codes to counter evolving phishing methods.

The landscape of email threats is changing at an unprecedented pace, as highlighted by Barracuda’s 2026 Email Threats Report. This post is designed to equip MSPs and IT professionals with actionable knowledge about the latest attacker tactics — such as AI-driven phishing and phishing-as-a-service — and to provide practical guidance for enhancing organizational defenses against these evolving risks.

The evolving nature of email threats

One of the most notable shifts in email threats is the move toward deception and identity compromise. Nearly half of all malicious email activity is now phishing, making impersonation attempts a significant risk for businesses of all sizes. Attackers are increasingly utilizing URL-based delivery methods instead of traditional file-based malware, making these threats harder to recognize and block using standard security solutions.

Account takeover incidents are becoming more frequent, fueled by the rise of phishing-as-a-service platforms that enable cybercriminals to launch attacks at scale. This trend underscores the critical need for layered email security, robust identity protection and rapid, automated threat detection and response strategies to mitigate risks effectively.

Key findings from Barracuda’s 2026 Email Threats Report

• Phishing accounts for 48% of malicious email activity, emphasizing the need for anti-impersonation controls and identity-centric defense strategies.
• Over one-third of organizations report at least one account takeover per month, underlining the importance of swift detection and remediation capabilities.
• HTML-based attachments are frequently malicious, so inspecting and controlling HTML content is crucial, not just traditional attachments.
• QR codes embedded in PDFs are commonly used to direct users to phishing websites, suggesting that QR code scanning and link protection should be considered core email defenses.
• High-volume phishing campaigns often leverage phishing-as-a-service kits, reinforcing the necessity for automation and layered defense mechanisms.

What these trends mean for MSPs and IT Teams

To counter modern email threats, organizations, and the MSPs that support them, need a comprehensive approach. Integrated email security, advanced identity protection and automated response systems are now essential for maintaining business operations amid increasingly sophisticated attacks.

Actionable steps to help customers strengthen email security

1. Enhance user verification: Strengthen anti-impersonation measures and deliver ongoing user awareness training, focusing on threats like malicious URLs, QR codes, and deceptive HTML content.
2. Enforce identity protection: Implement multifactor authentication (MFA), monitor for suspicious sign-ins and tighten access controls to limit the impact of compromised credentials.
3. Expand threat inspection: Increase scrutiny of both attachments and embedded links, including QR codes in emails and documents, to catch evolving phishing tactics.
4. Prepare for account takeover: Develop playbooks for rapid credential resets, session and token revocation, and clear escalation procedures in case of compromise.
5. Automate detection and response: Deploy solutions that can quarantine suspicious messages quickly and reduce the time threats remain undetected.

Building resilience in a changing landscape

Email security is a dynamic challenge that demands continuous vigilance and adaptation. By understanding the insights outlined in Barracuda’s 2026 Email Threats Report, MSPs and IT professionals can help their organizations build more resilient, integrated and automated defenses against evolving email threats. For a deeper dive into the data and recommendations, review the full report and stay informed about the latest tactics in cybercrime.