Cofense Annual Report Indicates 105% Increase in Malicious Emails Bypassing Secure Email Gateways

Report reveals critical insight and trends into the evolving email security threat landscape.

February 20, 2024

LEESBURG, Va. – February 20, 2024 – Cofense® , the pioneer and leading provider of email security awareness training (SAT) and advanced phishing detection and response (PDR) solutions, today announced the release of its 2024 Annual State of Email Security Report. The data included in this report are curated from the Cofense Phishing Detection Center which has a 99.998% positive accuracy rate and reveals alarming trends and critical insights into the current landscape of email security. 

The Cofense Phishing Detection and Response Platform, powered by over 35 million Cofense-trained employees, detected a record-setting number of malicious emails and phishing campaigns in 2023.  In just two years, Cofense PDR identified over 1.5 million malicious emails bypassing their customers’ Secure Email Gateways (SEGs), signaling a 37% increase in threats compared to 2022, and a staggering 310% increase over 2021. To put this in context, the report highlights that Cofense detected at least one malicious email bypassing their customers’ SEGs every 57 seconds. 

“As we unveil the statistics from the 2024 Annual State of Email Security Report, it’s evident that the email-based attack vector is evolving at an unprecedented pace going into 2024,” said David Van Allen, CEO of Cofense. 

The Cofense Annual Report points out that secure email gateways struggle to keep pace with sophisticated phishing campaigns and relying on ‘good enough’ email security is no longer an option for most enterprises.  

“The data we present in this report speaks directly about the escalating sophistication of cyber threats, which demand a different approach to effective email security. Cofense  remains committed to providing enterprise solutions to keep up with evolving threats,” said Van Allen.

The Email Security Landscape 

The report highlights that email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees. Secure email gateways are struggling to keep pace with the rapidly evolving nature of phishing campaigns, evidenced by a concerning 104.5% increase in the number of malicious emails bypassing SEGs in 2024. Credential phishing, the preferred method of threat actors, also saw a staggering 67% increase in volume compared to the previous year. Other top trends in 2023 included:   

  • Phishing campaigns evolved – In 2023 Cofense saw an increase in tactics like vishing, smishing, brand impersonation, and QR code phishing that bypass SEGs. Cofense reported a 331% increase in QR code active threat reports (ATRs) last year. 
  • Healthcare and finance remained the top targeted industries – Increases in malicious emails bypassing SEGs in those industries at 84.5% and 118%, respectively. 
  • New malware families, including DarkGate and PikaBot, emerged to fill the gap left by the FBI’s dismantling of the Qakbot infrastructure. 

Emerging Threats to Watch: 

  • Brand Impersonation and Vishing: Brand impersonation and vishing campaigns are on the rise, with threat actors exploiting these tactics to deceive employees. These attacks are efficient at bypassing SEGs, as they often lack attachments or obvious links. 
  • Resurgence of Emotet/Geodo: Despite law enforcement actions in 2021, Emotet/Geodo resurfaced in 2023, highlighting the persistence and adaptability of this destructive malware. 
  • Agent Tesla Keylogger: A persistent threat throughout 2021 and 2022, Snake Keylogger remained a significant risk in 2023. As we go into 2024, its ability to evade detection by antivirus software makes it a concerning threat to organizations. 
  • FormBook’s Menace: A consistent threat, FormBook is an information-stealer malware focused on accessing sensitive information from infected systems. Businesses are urged to proactively safeguard against this pervasive threat. 
  • Google AMP Phishing Tactic: A new phishing tactic leveraging Google Accelerated Mobile Pages (AMP) has been identified, proving highly successful. Cofense reports a 1,092% increase in Google AMP emails bypassing secure email gateways in the last six months of 2023. 
  • Business Email Compromise (BEC): BEC remains one of the most devastating cybercrimes, with scammers exploiting conversational-based phishing attacks. Traditional defenses often fail to catch these attacks, resulting in billions of dollars being stolen annually.

About Cofense 

Cofense® is the original and leading provider of security awareness training and phishing simulation, offering one-of-a-kind global enterprise-level advanced email threat detection and remediation solutions. Cofense PhishMe® and Cofense Phishing Detection and Response Platform (PDR) offer the world’s only solution leveraging over 35 million Cofense-trained employees who actively report suspected phishing and other dangerous email threats in real-time. Exclusive only to Cofense, this reporting system ingests and catalogs thousands of potential threats per day that are missed by current email gateway technologies and then eradicates those threats from customer inboxes. In short, Cofense sees and stops threats other email security systems miss. 


See Cofense in action.

Request a Demo

You'll learn how to:

  • Transform your employees into cyber-resilient assets and active phishing reporters.
  • Automate classification and remediation of AI-powered attacks that bypass your traditional or AI-based SEG.
  • Leverage globally-sourced threat intelligence to identify and mitigate post-compromise risk