Cofense

82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.

Conversational attacks comprise 18% of all malicious emails.

In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.

Abuse of legitimate remote access tools increased by 900% by volume.

Tax scams were up by 340% in 2024.

Over 40% of malware detected in 2024 was newly observed.

Legitimate file abuse was up 575% in 2024.

Microsoft spoofing spiked 156% in 2024.

Nearly half of the newly observed malware was classified as Remote Access Trojans (RATs).

Cofense Phishing Defense Center (PDC) tracked one malicious email every 42 seconds in 2024. Many of these were part of polymorphic phishing attacks.

Email-based BEC attacks surged 70% year-over-year.

Cofense Phishing Defense Center (PDC) tracked one malicious email every 42 seconds in 2024. Many of these were part of polymorphic phishing attacks.