Phishing and deception made up 31.6% of traffic on DNSFilter's network, marking an increase compared to the prior quarter. This amounted to over 750 million queries.

38% of organisations suffered a phishing attack that led to unauthorised access.

Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.

71.9% of interactions with malicious landing pages involved branded content.

Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.

IT-related themes were cited in 21.5% of phishing failures.

80.6% of the top 20 clicked links originated from internally-themed simulations.

80.6% of the top 20 clicked links originated from internally-themed simulations.

PDF attachment clicks in phishing simulations increased by 8.1% compared to Q1 2025.

71.9% of interactions with malicious landing pages involved branded content.

Subscription prices for generative AI tools like FraudGPT and WormGPT, marketed for illicit uses such as phishing and malware creation, start for as little as $200 per month.

PDF attachment clicks in phishing simulations increased by 8.1% compared to Q1 2025.

HR-related themes were cited in 42.5% of phishing failures.

PDFs comprised the majority, 61.1%, of the top 20 attachments clicked in phishing simulations.

Among internally-themed links, 68.2% utilised domain spoofing techniques.

Microsoft and Docusign were among the most frequently impersonated brands in phishing emails with PDF attachments.

Phone numbers are sometimes reused on consecutive days in TOAD attacks.

A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, employing Telephone-Oriented Attack Delivery (TOAD) or callback phishing.

NortonLifeLock, PayPal, and Geek Squad were among the most impersonated brands in TOAD emails with PDF attachments

Most phone numbers found in email threats leveraging the TOAD social engineering technique are Voice over Internet Protocol (VoIP) numbers.