
8.3 Billion Phishing Threats in 90 Days: Why Email Security Needs Both Detection and Prevention

Microsoft's Q1 2026 data reveals the gaps inside email security stacks, showing why organizations require a multilayered approach combining detection and prevention.
By David Mitchell, VP, Products

Key takeaways

  • Microsoft Threat Intelligence detected 8.3 billion email phishing threats in Q1 2026, with QR code phishing increasing 146% over the quarter and CAPTCHA-gated phishing more than doubling in March compared to February.
  • Microsoft's own benchmarking shows Microsoft Defender removes 70.8% of malicious email post-delivery, after it has already reached the inbox.
  • AI-generated phishing reached 56% of all phishing attempts by December 2025, a 14x increase over the year.
  • A multilayered approach that combines detection with prevention, led by Deep CDR™ Technology, neutralises file-based threats before they reach users, regardless of whether the threat is known.

When Detection-Based Security Becomes a Losing Race

If you run email security for a large organization, the past quarter probably felt familiar. A wave of QR code attachments. A spike in HTML files behaving strangely. A suspicious PDF that slipped past the gateway, then got pulled from inboxes hours later. Every alert handled, every ticket closed, but the same nagging question underneath: how much of this are we actually catching in time?

Microsoft's Q1 2026 email threat landscape report shows the hard numbers behind the question. In three months, Microsoft Threat Intelligence detected 8.3 billion email-based phishing threats, watched QR code phishing climb 146%, and saw CAPTCHA-gated phishing more than double in March alone.

The headline isn't the volume. It's the velocity of change, and what it exposes about the limits of detection-only controls.

CAPTCHA-Gated Phishing: a Live Experiment in Evasion

CAPTCHA-gated phishing more than doubled in March (+125%), reaching its highest monthly volume in over a year.

Microsoft observed that threat actors were actively rotating delivery methods from month to month, testing which formats best bypass email defenses. That behavior is more telling than the volume on its own.

  • In January, HTML attachments were the top delivery method (37%); they dropped 34% in February, then more than doubled in March
  • SVG files spiked 49% in February, then fell 57% in March
  • PDF attachments delivering CAPTCHA-gated phishing more than quadrupled in March (+356%), eclipsing their annual high by 37%
  • DOC/DOCX payloads jumped almost five-fold (+373%) in March, reaching 15% of CAPTCHA-gated phishing delivery
  • Email-embedded URLs, once over half of CAPTCHA-gated phish, hit an eight-month low before partially rebounding

A control tuned to catch HTML payloads in February tells defenders very little about whether it will catch the PDF surge in March.

Where Detection Alone Is Limited

Detection-based email security operates on one question: is this a threat?

Its efficacy, however, depends on the solution having encountered the threat before, or at least something similar. Zero-days and AI-generated payloads outpace signature lookups and single-engine ML models and evade detection. It’s telling that AI-generated phishing increased 14x over the year to reach 56% of all phishing attempts by December 2025, according to the Hoxhunt Phishing Trends Report, since these threats are harder to catch.

Format weaponization widens the inspection burden: attackers send malicious content via HTML, PDF, SVG, and DOC/DOCX files, and via URLs. Each format has its own active-content surface that detection engines must learn to inspect individually, further limiting detection.

Finally, Microsoft's own benchmarking shows Microsoft Defender removes an average of 70.8% of malicious email post-delivery. Native cloud defenses leave gaps, and even a brief dwell time creates exposure. By the time remediation occurs, a user could already have opened, forwarded, or acted on a malicious attachment.

This isn’t to say that detection doesn’t matter anymore. Detection-based email security works well against known threats. But on its own, it's no longer enough for the threat patterns Microsoft documented this quarter.

What the Q1 2026 Report Should Change

No email security control eliminates every threat, but one defensible position is maximum coverage, which now means combining detection with prevention. If your email security strategy still relies primarily on identifying threats before blocking them, the payload rotation Microsoft documented this quarter shows you how vulnerable you are.

Adding prevention to the stack

A multilayered approach asks a different question alongside detection: does this attachment still contain active content?

OPSWAT’s Deep CDR™ Technology doesn't try to identify whether a file is malicious. Assuming every file could be, it deconstructs the file, removes potentially risky elements, and delivers a safe version. The user receives a working document. The threat, known or unknown, is gone.

When PDFs carrying CAPTCHA-gated phishing payloads quadrupled, a Deep CDR™ Technology-protected environment doesn't need to recognize the new variant. The active content that makes the attack work is removed regardless. The same applies to weaponized DOC/DOCX, SVG, HTML, and ZIP attachments, and to QR codes embedded in PDFs, Q1 2026's fastest-growing attack vector, with PDFs accounting for 70% of malicious QR delivery.
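As an added illustration of the prevention question above (this is not OPSWAT's code and does not describe how Deep CDR™ Technology is implemented), here is a minimal content-disarm pass over an SVG attachment, one of the formats Microsoft saw rotate. One function asks the detection-style question (is active content still present?), the other strips script elements, event-handler attributes and script URIs and rebuilds the image. The sample SVG is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute code or embed foreign markup; a static image never needs them.
ACTIVE_TAGS = {f"{{{SVG_NS}}}script", f"{{{SVG_NS}}}foreignObject"}
# Attributes carrying a URI that may resolve to script instead of an image resource.
URI_ATTRS = {"href", f"{{{XLINK_NS}}}href"}

# Constructed sample: a drawing with a script block, an onload handler and a script URI.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="void(0)">
  <script>/* constructed sample: would run when the image is rendered inline */</script>
  <circle cx="50" cy="50" r="40" fill="steelblue"/>
  <a xlink:href="javascript:void(0)"><text x="10" y="55">Scan me</text></a>
</svg>"""


def _is_active_attr(name, value):
    """True for on* event handlers and for href values that are script/HTML URIs."""
    local = name.split("}")[-1].lower()          # drop any namespace prefix
    if local.startswith("on"):
        return True
    return name in URI_ATTRS and value.strip().lower().startswith(("javascript:", "data:text/html"))


def has_active_content(svg_bytes):
    """Detection-style check: does the document still carry anything executable?"""
    for elem in ET.fromstring(svg_bytes).iter():
        if elem.tag in ACTIVE_TAGS or any(_is_active_attr(k, v) for k, v in elem.attrib.items()):
            return True
    return False


def sanitize_svg(svg_bytes):
    """Prevention-style pass: rebuild the image with all active content removed."""
    root = ET.fromstring(svg_bytes)
    for parent in list(root.iter()):              # snapshot: the tree is mutated below
        for child in list(parent):
            if child.tag in ACTIVE_TAGS:
                parent.remove(child)
    for elem in root.iter():
        for name in [k for k, v in elem.attrib.items() if _is_active_attr(k, v)]:
            del elem.attrib[name]
    return ET.tostring(root, encoding="utf-8")
```

The sanitized output keeps the circle and the text, so the recipient still sees the image, while the script, the handler and the script URI are gone whether or not any engine recognized them.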

Deep CDR™ Technology is validated by SE Labs as the first-ever CDR solution to achieve a 100% Protection and Accuracy score.

Closing the zero-day gap with MetaDefender Aether™

Sanitization neutralizes active content. Some attachments still warrant deeper behavioral inspection, particularly evasive payloads designed to look benign under static analysis. MetaDefender Aether Sandbox extends prevention into emulation-based dynamic analysis, exposing malicious behavior in suspicious attachments and returning a single trusted verdict for faster triage. With a 99.9% zero-day detection rate, Aether closes the residual gap left by sanitization and multiscanning alone.

How OPSWAT applies a multilayered approach to email security

[Figure: MetaDefender Email Security mail flow]

MetaDefender Email Security™ is OPSWAT's multilayered answer for the threats Microsoft's Q1 2026 data describes. Two deployment models, same combined detection and prevention foundation.

MetaDefender Email Gateway Security™ (EGS) is deployed as software in front of existing mail servers at the SMTP/MX level. It applies Deep CDR™ Technology across 200+ file types, MetaDefender Aether Sandbox, Metascan multiscanning across 30+ AV engines for the broadest known-threat coverage, phishing detection, Proactive DLP, and Predictive Alin AI, a pre-execution AI layer that flags AI-generated and polymorphic attachments in milliseconds, with offline-capable operation for OT/ICS and air-gapped environments.

MetaDefender Cloud Email Security™ (CES) augments Microsoft 365 environments, deploying in minutes with no MX record changes. Against the file-based payload trends Microsoft documented (HTML, PDF, DOC, ZIP, and SVG weaponization), CES applies Deep CDR™ Technology, MetaDefender Aether, Metascan™ Multiscanning with up to 17 AV engines, and Predictive Alin AI to inspect and sanitize every attachment across inbound and outbound mail flows, including encrypted files.

Thanks to our commitment to bringing to market innovations that keep customers safe even from modern threats such as AI-generated attacks, OPSWAT now protects more than 2,000 organizations worldwide.
