Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Proofpoint

Phishing Email Example Description:
Invitation-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver PDQ Connect RAT via an embedded URL.

Posted On: September 16, 2025 Tactic: Link Theme: Invitation

Abnormal Security

Phishing Email Example Description:
Invitation-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver PDQ Connect RAT via an embedded URL.

Posted On: September 16, 2025 Tactic: Link Theme: Invitation

Microsoft ATP

Phishing Email Example Description:
Invitation-themed emails found in environments protected by Proofpoint, Microsoft ATP, and Abnormal Security deliver PDQ Connect RAT via an embedded URL.

Posted On: September 16, 2025 Tactic: Link Theme: Invitation

Trend Micro

Phishing Email Example Description:
ChatGPT-spoofing campaign found in environments protected by Trend Micro and Microsoft ATP delivers credential phishing via an embedded URL.

Posted On: September 12, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
ChatGPT-spoofing campaign found in environments protected by Trend Micro and Microsoft ATP delivers credential phishing via an embedded URL.

Posted On: September 12, 2025 Tactic: Link Theme: Spoofing

Proofpoint

Phishing Email Example Description:
Taxes-themed emails found in environments protected by Proofpoint deliver an archive containing N-Able via an embedded URL.

Posted On: September 11, 2025 Tactic: Link Theme: Taxes

Microsoft ATP

Phishing Email Example Description:
DBS-spoofing emails found in environments protected by Microsoft ATP and Trend Micro deliver an attached archive containing a VBS. The VBS downloads and runs a DotNETLoader and XWorm RAT.

Posted On: September 9, 2025 Tactic: ZST Attachment Theme: Spoofing

Trend Micro

Phishing Email Example Description:
DBS-spoofing emails found in environments protected by Microsoft ATP and Trend Micro deliver an attached archive containing a VBS. The VBS downloads and runs a DotNETLoader and XWorm RAT.

Posted On: September 9, 2025 Tactic: ZST Attachment Theme: Spoofing

Cisco IronPort

Phishing Email Example Description:
DPD-spoofing campaign found in environments protected by Cisco IronPort delivers credential phishing via an embedded URL.

Posted On: September 9, 2025 Tactic: Link Theme: Spoofing

Cisco IronPort

Phishing Email Example Description:
Voicemail-themed emails found in environments protected by Cisco IronPort deliver an attached SVG file containing an embedded link to download PDQ Connect RAT.

Posted On: September 8, 2025 Tactic: SVG Attachment Theme: Voicemail