Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses

Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely.

According to VIPRE’s Q3 2025 Email Threat Report, over 90% of phishing attacks specifically target these two dominant email ecosystems, representing a calculated strategic shift by attackers seeking to maximize impact while minimizing operational complexity.​

The data reveals a troubling reality: as technical defenses have strengthened, attackers have adapted by weaponizing trusted infrastructure against itself.

Rather than deploying cutting-edge malware or zero-day exploits, cybercriminals are using deceptively simple tactics deployed with unprecedented sophistication.

Free email services, including Gmail and Outlook, accounted for 32% of all spam campaigns observed in Q3, with attackers leveraging these platforms’ inherent trustworthiness and easy account rotation to maintain high deliverability rates.​

The Evasion Tactics

The most alarming trend involves compromised URLs that operate as open redirects. These attacks begin with ...