51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.

Conversational attacks comprise 18% of all malicious emails.

Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.

In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.

Abuse of legitimate remote access tools increased by 900% by volume.

76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.

Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)

Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.

Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months

77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.

Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.

In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.

In 2025, malicious QR codes were observed in 19% of phishing attacks.

In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.

The number of known phishing kits doubled during 2025, reaching a significant increase in active use.