51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.

In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.

Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

Conversational attacks comprise 18% of all malicious emails.

In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.

Abuse of legitimate remote access tools increased by 900% by volume.

Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)

Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)

Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months

Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.

77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.

77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

In 2025, the use of 'Blob URIs' was noted in 2% of phishing attacks.

In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.