Skip to main content

Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Microsoft ATP

Social Security Administration and Docusign-spoofing campaign found in environments protected by Microsoft ATP and Cisco IronPort delivers Credential Phishing via an embedded URL which leads to a QR code.

Posted On: March 4, 2026 Tactic: Embedded Link Theme: Spoofinng

Microsoft ATP

Finance-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link to download NinjaOne RMM.

Posted On: March 4, 2026 Tactic: Embedded Link Theme: Finance

Proofpoint

Finance-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link to download NinjaOne RMM.

Posted On: March 4, 2026 Tactic: Embedded Link Theme: Finance

Cisco IronPort

Google Meet-spoofing campaign found in environments protected by Microsoft ATP and Cisco IronPort delivers Itarian RAT via an embedded URL. Itarian RAT delivers a ConnectWise RAT sample.

Posted On: March 3, 2026 Tactic: Embedded Link Theme: Spoofinng

Microsoft ATP

Google Meet-spoofing campaign found in environments protected by Microsoft ATP and Cisco IronPort delivers Itarian RAT via an embedded URL. Itarian RAT delivers a ConnectWise RAT sample.

Posted On: March 3, 2026 Tactic: Embedded Link Theme: Spoofinng

Microsoft ATP

Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver N-Able via an embedded link.

Posted On: March 2, 2026 Tactic: Embedded Link Theme: Finance

Proofpoint

Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver N-Able via an embedded link.

Posted On: March 2, 2026 Tactic: Embedded Link Theme: Finance

Abnormal Security

Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver N-Able via an embedded link.

Posted On: March 2, 2026 Tactic: Embedded Link Theme: Finance

Cisco IronPort

Document-themed emails found in environments protected by Cisco IronPort and Microsoft ATP deliver a password protected archive containing a VBS script via an embedded URL. The VBS script delivers Loda.

Posted On: February 27, 2026 Tactic: Embedded Link Theme: Document

Microsoft ATP

Document-themed emails found in environments protected by Cisco IronPort and Microsoft ATP deliver a password protected archive containing a VBS script via an embedded URL. The VBS script delivers Loda.

Posted On: February 27, 2026 Tactic: Embedded Link Theme: Document

Cisco IronPort

Adobe-spoofing emails found in environments protected by Cisco IronPort deliver Syncro RAT via an embedded URL.

Posted On: February 26, 2026 Tactic: Embedded Link Theme: Spoofinng

Proofpoint

Docusign-spoofing emails found in environments protected by Proofpoint deliver GoTo RAT or Credential Phishing via an embedded URL.

Posted On: February 25, 2026 Tactic: Embedded Link Theme: Spoofinng