Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Microsoft ATP

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP deliver an attached archive containing a JavaScript file. The archive contains a mismatched header and footer. The JavaScript file drops and runs Remcos RAT.

Posted On: July 8, 2025 Tactic: RAR Attachment Theme: Finance

Abnormal Security

Phishing Email Example Description:
Finance-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: July 6, 2025 Tactic: Link Theme: Finance

Microsoft ATP

Phishing Email Example Description:
Finance-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: July 6, 2025 Tactic: Link Theme: Finance

Proofpoint

Phishing Email Example Description:
Finance-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: July 6, 2025 Tactic: Link Theme: Finance

Microsoft ATP

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link that downloads either SimpleHelp RAT or Android Malware.

Posted On: July 2, 2025 Tactic: Link Theme: Spoofing

Proofpoint

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link that downloads either SimpleHelp RAT or Android Malware.

Posted On: July 2, 2025 Tactic: Link Theme: Spoofing

Mimecast

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Mimecast deliver ConnectWise RAT for either Mac or Windows via an embedded URL.

Posted On: June 2, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Microsoft ATP deliver ConnectWise RAT via a URL embedded in an attached Calendar file. The link leads to a page purporting to deliver a Zoom update.

Posted On: June 2, 2025 Tactic: ICS Attachment Theme: Spoofing

Symantec MessageLabs

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver XWorm RAT via an attached PDF containing an embedded link.

Posted On: June 2, 2025 Tactic: PDF Attachment Theme: Finance

Microsoft ATP

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver XWorm RAT via an attached PDF containing an embedded link.

Posted On: June 2, 2025 Tactic: PDF Attachment Theme: Finance