Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Microsoft ATP

Phishing Email Example Description:
Netflix-spoofing emails found in environments protected by Microsoft ATP and Proofpoint deliver an embedded link to a VBS script. When run, the VBS script delivers Loda.

Posted On: December 17, 2025 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Shared File-themed emails  found in environments protected by Microsoft ATP and Abnormal Security deliver a WSF file via an embedded URL. The WSF file downloads a PowerShell Script that drops a DotNETLoader and Phantom Stealer.

Posted On: December 16, 2025 Tactic: Embedded Link Theme: Shared File

Abnormal Security

Phishing Email Example Description:
Shared File-themed emails  found in environments protected by Microsoft ATP and Abnormal Security deliver a WSF file via an embedded URL. The WSF file downloads a PowerShell Script that drops a DotNETLoader and Phantom Stealer.

Posted On: December 16, 2025 Tactic: Embedded Link Theme: Shared File

Microsoft ATP

Phishing Email Example Description:
Voicemail-themed emails found in environments protected by Microsoft ATP and TrendMicro deliver an embedded link to a Malicious Batch Script. When run, the script runs a PowerShell Script that downloads and runs Remotely.

Posted On: December 15, 2025 Tactic: Embedded Link Theme: Voicemail

TrendMicro

Phishing Email Example Description:
Voicemail-themed emails found in environments protected by Microsoft ATP and TrendMicro deliver an embedded link to a Malicious Batch Script. When run, the script runs a PowerShell Script that downloads and runs Remotely.

Posted On: December 15, 2025 Tactic: Embedded Link Theme: Voicemail

Cisco Ironport

Phishing Email Example Description:
Brazilian Labor Court-spoofing emails found in environments protected by Cisco IronPort and Microsoft ATP deliver an embedded link to ConnectWise RAT.

Posted On: December 12, 2025 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Brazilian Labor Court-spoofing emails found in environments protected by Cisco IronPort and Microsoft ATP deliver an embedded link to ConnectWise RAT.

Posted On: December 12, 2025 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Notification-themed emails found in environments protected by Microsoft ATP delivers Credential Phishing via an embedded URL.

Posted On: December 10, 2025 Tactic: Embedded Link Theme: Notificatoin

Proofpoint

Phishing Email Example Description:
Google Meet-spoofing campaign found in environments protected by Proofpoint and Microsoft ATP delivers Itarian RAT via an embedded URL.

Posted On: December 10, 2025 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Google Meet-spoofing campaign found in environments protected by Proofpoint and Microsoft ATP delivers Itarian RAT via an embedded URL.

Posted On: December 10, 2025 Tactic: Embedded Link Theme: Spoofing