Managed Services Providers (MSPs) stand on the front lines of cybersecurity, and with email-based attacks continuing to surge in volume and sophistication, your role in protecting clients has never been more critical. Email remains the primary conduit for most cyber threats, and criminals are relentlessly innovating with new technologies and strategies to breach defenses.
Barracuda’s 2025 Email Threats Report offers vital intelligence on the current threat landscape, detailing how attackers leverage novel malicious links and content to evade detection—insights MSPs can use to bolster client security postures.
Emerging threats MSPs must prioritize
The Barracuda report uncovers several key statistics that highlight the evolving email vulnerabilities MSPs must prepare their clients for:
- The sheer volume of malicious traffic is staggering: Nearly a quarter (24 percent) of all email messages are now categorized as malicious or unwanted spam, demanding robust filtering and threat intelligence for your clients.
- Account takeover (ATO) attempts are rampant: Approximately 20 percent of organizations faced at least one attempted or successful ATO incident monthly in the past year, typically originating from phishing, credential stuffing, or weak password management. This underscores the need for MSPs to implement strong authentication and monitoring services.
- HTML attachments are a favored weapon: 23 percent of HTML attachments are malicious, and HTML files constitute over three-quarters of all detected malicious files. Attackers embed malicious content within these files to bypass traditional security tools, a tactic MSPs must counter with advanced inspection capabilities. Beyond this, MSPs must also prepare clients for increasingly sophisticated phishing attacks powered by generative AI, which can create compelling malicious emails, audio, and visuals that traditional detection may not cover.
- QR codes are increasingly exploited in attachments: 68 percent of malicious PDF attachments and 83% of malicious Microsoft documents now contain QR codes designed to redirect unsuspecting users to phishing websites. MSPs should educate clients on this emerging vector.
- Bitcoin sextortion remains a threat: Attackers are shifting sextortion attacks to attachments in order to avoid detection. These scams account for 12 percent of malicious PDF attachments, preying on user fear and requiring proactive client education.
- DMARC adoption lags, creating significant risk: A striking 47 percent of email domains lack Domain-based Message Authentication, Reporting and Conformance (DMARC) configuration. This absence leaves client domains vulnerable to spoofing and impersonation attacks. For MSPs, this presents an opportunity to provide essential configuration and management services, as DMARC is crucial for protecting against domain spoofing.
- Binary files pose a direct malware threat: 87 percent of detected binary files were malicious. Barracuda emphasizes the need for “strict policies against executable files being sent via email.” MSPs should advise clients to block unnecessary binaries and ensure all downloads are rigorously scanned before execution.
Evolving attacker playbook: Beyond traditional defenses
As these statistics illustrate, attackers are employing a multifaceted approach—utilizing PDFs, binaries, QR codes, and weaponized HTML—to increase their success rates and bypass traditional firewalls and email filters. This evolution in tactics makes identifying malicious emails more difficult, creating numerous opportunities for criminals to penetrate networks and exfiltrate sensitive data and credentials. This requires a shift in how MSPs approach email security for their clients, progressing beyond basic defenses to more sophisticated, layered strategies.
Strategic defense solutions for MSP service portfolios
For MSPs dedicated to safeguarding their clients, several critical technologies and strategies can be packaged and deployed to significantly reduce the success rate of email-based attacks. A multi-layered approach that integrates artificial intelligence (AI)-based threat detection to identify hidden attacks within attachments and malicious websites is essential. Implementing best practices such as DMARC, regular awareness training, and robust email policies lays the foundation for a strong defense.
The Barracuda report offers several recommendations that MSPs can translate into valuable services:
- Deploy and manage multi-layered email security solutions: MSPs should vet, implement, and manage comprehensive email security solutions for clients. Ensure spam and malware filters are meticulously configured and conduct regular health checks on email gateways. Emphasize solutions incorporating AI-based threat detection to identify malicious messages crafted to evade traditional defenses.
- Strengthen and manage user access controls: Offer services to implement and manage multifactor authentication (MFA) across client organizations. For clients with heightened security needs, propose and manage advanced Zero Trust strategies, continuously verifying and restricting user access strictly to the data and applications essential for their roles.
- Provide automated incident response services: Develop or partner to offer automated incident response solutions. This service can dramatically reduce the impact of a successful attack by rapidly initiating remediation processes and alerting the appropriate client and MSP team members, ensuring swift containment and recovery.
- Deliver ongoing cybersecurity awareness training as a service: Package and deliver regular cybersecurity awareness training programs to educate client users about the latest email threats. Utilize phishing simulation tools for email and voice (vishing) to provide practical experience in identifying attacks. These simulations help MSPs identify which client employees require additional, targeted training, demonstrating ongoing value.
- Implement and manage DMARC for client domains: Guide clients through proper DMARC setup, ensuring policies are set to “p=reject” to block unauthenticated emails effectively. Offer ongoing DMARC report analysis as a managed service to provide visibility into unauthorized email activity and refine protection. Properly configured DMARC not only helps prevent domain spoofing and phishing but also improves legitimate email deliverability, protecting the client’s reputation.
- Offer robust backup and disaster recovery (BDR) services: Ensure all client data is securely backed up in an isolated environment. Your BDR service should guarantee fast restoration capabilities, and these systems must be regularly tested to confirm efficacy. This is a critical safeguard to minimize damage from any successful email-based attack
Empowering MSPs: The path to enhanced client security
While email-based attacks persistently represent a primary vulnerability for businesses, MSPs are uniquely positioned to counter this threat. MSPs can dramatically reduce the likelihood of successful attacks on their clients by leveraging the right technology and implementing robust processes. Delivering continuous awareness training further strengthens their clients’ security posture. Staying informed on the evolving threat landscape through resources like the Barracuda 2025 Email Threats Report enables you to deliver superior protection. It also helps you solidify your indispensable value to your clients.
You can download the Barracuda report here.
This article was originally published at Managed Services Journal.
Photo: PeopleImages.com – Yuri A / Shutterstock
This post originally appeared on Smarter MSP.