Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Cisco IronPort

Phishing Email Example Description:
Hermes Germany-spoofing emails found in environments protected by Cisco IronPort deliver N-Able via an embedded link.

Posted On: February 10, 2026 Tactic: Embedded Link Theme: Spoofing

Check Point

Phishing Email Example Description:
Benefits-themed emails found in environments protected by Microsoft ATP and Check Point deliver Credential Phishing via an attached PDF containing a QR Code.

Posted On: February 9, 2026 Tactic: QR Code Theme: Benefits

Proofpoint

Phishing Email Example Description:
MetLife-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver Faronics Deploy via an embedded URL.

Posted On: February 6, 2026 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
MetLife-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver Faronics Deploy via an embedded URL.

Posted On: February 6, 2026 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Benefits-themed emails found in environments protected by Microsoft ATP deliver an attached PDF with a link to download a VBS script. The VBS script runs Remcos RAT in memory.

Posted On: February 4, 2026 Tactic: Attachment Theme: Benefits

Microsoft ATP

Phishing Email Example Description:
Voicemail-themed emails found in environments protected by Microsoft ATP deliver an attached HTML file that downloads a JSDropper. The JSDropper delivers a DotNETLoader and Babylon RAT. Additional payloads were found at the time of analysis.

Posted On: February 4, 2026 Tactic: Attachment Theme: Voicemail

Proofpoint

Phishing Email Example Description:
Invitation-themed emails found in environments protected by Microsoft ATP and Proofpoint deliver either Credential Phishing or Ninite Loader via an embedded URL. Ninite Loader delivers ConnectWise RAT.

Posted On: February 3, 2026 Tactic: Embedded Link Theme: Invitation

Microsoft ATP

Phishing Email Example Description:
Invitation-themed emails found in environments protected by Microsoft ATP and Proofpoint deliver either Credential Phishing or Ninite Loader via an embedded URL. Ninite Loader delivers ConnectWise RAT.

Posted On: February 3, 2026 Tactic: Embedded Link Theme: Invitation

Cisco IronPort

Phishing Email Example Description:
Docusign-spoofing emails found in environments protected by Cisco IronPort deliver an embedded link to TrustConnect.

Posted On: January 30, 2026 Tactic: Embedded Link Theme: Spoofing

Proofpoint

Phishing Email Example Description:
Social Security-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver ConnectWise RAT via an embedded URL.

Posted On: January 29, 2026 Tactic: Embedded Link Theme: Spoofing