Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Mimecast

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Mimecast deliver ConnectWise RAT for either Mac or Windows via an embedded URL.

Posted On: June 2, 2025 Tactic: Link Theme: Spoofing

Microsoft ATP

Phishing Email Example Description:
Zoom-spoofing emails found in environments protected by Microsoft ATP deliver ConnectWise RAT via a URL embedded in an attached Calendar file. The link leads to a page purporting to deliver a Zoom update.

Posted On: June 2, 2025 Tactic: ICS Attachment Theme: Spoofing

Symantec MessageLabs

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver XWorm RAT via an attached PDF containing an embedded link.

Posted On: June 2, 2025 Tactic: PDF Attachment Theme: Finance

Microsoft ATP

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP and Symantec MessageLabs deliver XWorm RAT via an attached PDF containing an embedded link.

Posted On: June 2, 2025 Tactic: PDF Attachment Theme: Finance

Cisco IronPort

Phishing Email Example Description:
Social Security Administration-spoofing campaign found in environments protected by Cisco IronPort delivers ConnectWise RAT via an embedded URL.

Posted On: May 30, 2025 Tactic: Link Theme: Spoofing

Abnormal Security

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: May 28, 2025 Tactic: Link Theme: Finance

Proofpoint

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: May 28, 2025 Tactic: Link Theme: Finance

Microsoft ATP

Phishing Email Example Description:
Finance-themed emails found in environments protected by Microsoft ATP, Proofpoint, and Abnormal Security deliver Credential Phishing via an embedded URL.

Posted On: May 28, 2025 Tactic: Link Theme: Finance

Proofpoint

Phishing Email Example Description:
Copyright-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link to a Malicious Downloader that delivers Ghost RAT and Pure Logs Stealer.

Posted On: May 27, 2025 Tactic: Link Theme: Copyright

Microsoft ATP

Phishing Email Example Description:
Copyright-themed emails found in environments protected by Proofpoint and Microsoft ATP deliver an embedded link to a Malicious Downloader that delivers Ghost RAT and Pure Logs Stealer.

Posted On: May 27, 2025 Tactic: Link Theme: Copyright