SEG-Miss Database

This is the Cofense SEG-Miss sample database. Here, you will find real-world recent examples of dangerous phishing emails that bypassed popular Secure Email Gateways including the newer AI model driven products. These malicious emails landed in employee inboxes, and could pose an immediate threat to your revenue and reputation. Conversely, Cofense customers could rest easy because these threats we removed from their systems by Cofense solutions.

How did we see these failures?

Cofense’s Phishing Detection Center (PDC) is our email SOC as a Service that powers the email phishing mitigation and risk reduction programs for thousands of the world’s most important brands. Our network of over 35+ Million Cofense-trained employees, and our automated journaling, reports suspected threats in real-time to the PDC which powers our security platform. This database is driven by factual and verifiable data sent through our analysis process and vetted by our human team of experts - unique to Cofense. Please note: shown here are just samples of the SEG misses we observe everyday, no statistical value or patterns should be derived from this small randomized subset of data. 


Microsoft ATP

Phishing Email Example Description:
Document-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver a PDF via an embedded link. The PDF contains a link to a Credential Phishing page.

Posted On: April 29, 2025 Tactic: Link Theme: Document

Proofpoint

Phishing Email Example Description:
Document-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver a PDF via an embedded link. The PDF contains a link to a Credential Phishing page.

Posted On: April 29, 2025 Tactic: Link Theme: Document

Abnormal Security

Phishing Email Example Description:
Document-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver a PDF via an embedded link. The PDF contains a link to a Credential Phishing page.

Posted On: April 29, 2025 Tactic: Link Theme: Document

Proofpoint

Phishing Email Example Description:
Social Security Administration-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver ConnectWise RAT via an embedded link.

Posted On: April 26, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Social Security Administration-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver ConnectWise RAT via an embedded link.

Posted On: April 26, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Caixadirecta-spoofing emails found in environments protected by Microsoft ATP and Cisco IronPort deliver a Malicious Batch Script via an embedded URL. The Malicious Batch Script delivers a DotNETLoader and VIP Keylogger.

Posted On: April 25, 2025 Tactic: Link Theme: Spoofing

Cisco IronPort

Phishing Email Example Description:
Caixadirecta-spoofing emails found in environments protected by Microsoft ATP and Cisco IronPort deliver a Malicious Batch Script via an embedded URL. The Malicious Batch Script delivers a DotNETLoader and VIP Keylogger.

Posted On: April 25, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Adobe-spoofing campaign found in environments protected by Microsoft ATP delivers ConnectWise RAT via an embedded URL.

Posted On: April 24, 2025 Tactic: Link Theme: Spoofing

Abnormal Security

Phishing Email Example Description:
Transfer Flow-spoofing emails found in environments protected by Microsoft ATP, Abnormal Security, and Proofpoint deliver Credential Phishing via an embedded URL.

Posted On: April 22, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Transfer Flow-spoofing emails found in environments protected by Microsoft ATP, Abnormal Security, and Proofpoint deliver Credential Phishing via an embedded URL.

Posted On: April 22, 2025 Tactic: Link Theme: Spoofing