Skip to main content

Phishing Threat Database

How do we catch these threats?

The Cofense Phishing Detection Center (PDC) acts as a SOC-as-a-service, supporting thousands of leading organizations. With over 35 million trained users and real-time threat reporting, our platform combines automated analysis with expert verification, ensuring reliable and efficient protection. Here, you’ll find real-world phishing emails that bypassed even advanced security measures, posing risks to revenue and reputation.

Microsoft ATP

Response-themed emails found in environments protected by Microsoft ATP and Proofpoint deliver an embedded link to an archive file containing a Malicious Batch Script that delivers ConnectWise RAT.

Posted On: April 3, 2026 Tactic: Embedded Link Theme: Response

Microsoft ATP

Response-themed emails found in environments protected by Microsoft ATP and Proofpoint deliver an embedded link to an archive file containing a Malicious Batch Script that delivers ConnectWise RAT.

Posted On: April 3, 2026 Tactic: Embedded Link Theme: Response

Abnormal Security

Benefits-themed emails found in environments protected by Abnormal Security, Mimecast, and Microsoft ATP deliver an attached PDF file that contains a QR code to a credential phishing site.

Posted On: April 2, 2026 Tactic: QR Code Theme: Benefits

Microsoft ATP

Benefits-themed emails found in environments protected by Abnormal Security, Mimecast, and Microsoft ATP deliver an attached PDF file that contains a QR code to a credential phishing site.

Posted On: April 2, 2026 Tactic: QR Code Theme: Benefits

Mimecast

Benefits-themed emails found in environments protected by Abnormal Security, Mimecast, and Microsoft ATP deliver an attached PDF file that contains a QR code to a credential phishing site.

Posted On: April 2, 2026 Tactic: QR Code Theme: Benefits

Cisco IronPort

Taxes-themed emails found in environments protected by Cisco IronPort and Microsoft ATP deliver a Nullsoft Installer via an embedded URL to an Adobe-spoofing site. The Nullsoft Installer delivers Datto RMM.

Posted On: April 1, 2026 Tactic: Embedded Link Theme: Taxes

Microsoft ATP

Taxes-themed emails found in environments protected by Cisco IronPort and Microsoft ATP deliver a Nullsoft Installer via an embedded URL to an Adobe-spoofing site. The Nullsoft Installer delivers Datto RMM.

Posted On: April 1, 2026 Tactic: Embedded Link Theme: Taxes

Cisco IronPort

Fidelity-spoofing campaign found in environments protected by Microsoft ATP and Cisco IronPort delivers Itarian RAT via an embedded URL.

Posted On: April 1, 2026 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Fidelity-spoofing campaign found in environments protected by Microsoft ATP and Cisco IronPort delivers Itarian RAT via an embedded URL.

Posted On: April 1, 2026 Tactic: Embedded Link Theme: Spoofing

Abnormal Security

Microsoft-spoofing emails found in environments protected by Abnormal Security and Microsoft ATP deliver an embedded link to an OAuth 2.0-based Credential Phishing site.

Posted On: March 31, 2026 Tactic: Embedded Link Theme: Spoofing

Microsoft ATP

Microsoft-spoofing emails found in environments protected by Abnormal Security and Microsoft ATP deliver an embedded link to an OAuth 2.0-based Credential Phishing site.

Posted On: March 31, 2026 Tactic: Embedded Link Theme: Spoofing

Cisco IronPort

Booking.com-spoofing emails found in environments protected by Cisco IronPort and Microsoft ATP deliver an embedded link to a fake CAPTCHA website that delivers a malicious PowerShell Script to the clipboard. When run, the script delivers PureRAT.

Posted On: March 27, 2026 Tactic: Embedded Link Theme: Spoofing