Cofense Annual Phishing Report Highlights 10 Point Increase in Credential Phishing

67% of all emails observed are credential phishing; new report highlights ways that traditional technology can’t keep up with phishing tactics

LEESBURG, Va.–(BUSINESS WIRE)–Cofense®, the leading provider of Phishing Detection and Response (PDR) solutions, today released its 2022 Annual State of Phishing Report, which sheds light on the value of human reporting and the downfall of relying too heavily on technology controls to prevent phishing. As observed by the Cofense Phishing Defense Center (PDC), phishing attacks containing malicious URLs were four times more likely to bypass secure email gateways than those with attachments.

Cofense has equipped more than 30 million people in organizations across the globe to report suspicious emails through Cofense Reporter™, an easy to use, one-click email toolbar button. As a result, Cofense has access to a dynamic and vast dataset of advanced phishing threat intelligence – with more visibility into the actionable phishing emails that are bypassing secure email gateways and hitting user inboxes than any other security company.

Key insights from Cofense’s research and analysis from 2021 include:

  • Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020
    • 67% of all phishing emails observed are credential phishing
    • 52% of all credential phish were branded as Microsoft
  • Cofense observed nearly 100 unique malware families, representing the complicated landscape of distinct threats organizations need to keep up with
  • The healthcare industry continues to be the top target of business email compromise (BEC) attacks
    • 16% of malicious emails found in healthcare environments were BEC attacks
  • Threats continue to break through into environments protected by email security vendors
    • Of the Indicators of Compromise (IOCs) analyzed by Cofense’s Phishing Defense Center, 80% contained malicious URLs found in the body of the email, while 20% utilized nefarious attachments.
  • Organizations are increasingly aligning their employee simulation training with real threats known to be targeting their organization
    • Cofense saw a 7-point increase in simulations based on credential phishing in 2021

“Early on in our journey as a company, we grew our focus from solely security awareness simulation training to more broadly addressing the real phishing threats facing organizations. We knew solving these problems would require continuous innovation, and in 2021 we were proud to take our multi-layered email security architecture to a whole new level through the acquisition of Cyberfish and the launch of brand-new product capabilities,” said Aaron Higbee, co-founder and Chief Technology Officer, Cofense.

“If there is anything I hope the industry takes away from Cofense’s 2022 Annual State of Phishing Report, it is that threat actors are innovating but SEGs are not, and well-conditioned users report real phish. Cofense is the only email security company that detects phish that have bypassed all major SEG vendors. I believe the number of real phish, reported by real users, found in all major SEG environments speaks for itself,” added Higbee.

Report Available Now

To download the Cofense Annual State of Phishing Report, or to register for the free Cofense webinar taking place today, March 30 at 1pmET, visit

About Cofense

Cofense® is the leading provider of phishing detection and response solutions. Designed for enterprise organizations, the Cofense Phishing Detection and Response (PDR) platform leverages a global network of over 30 million people actively reporting suspected phish, combined with advanced automation to stop phishing attacks faster and stay ahead of breaches. When deploying the full suite of Cofense solutions, organizations can educate employees on how to identify and report phish, detect phish in their environment and respond quickly to remediate threats. With seamless integration into most major TIPs, SIEMs, and SOARs, Cofense solutions easily align with existing security ecosystems. Across a broad set of Global 1000 enterprise customers, including defense, energy, financial services, healthcare and manufacturing sectors, Cofense understands how to improve security, aid incident response and reduce the risk of compromise. For additional information, please visit or connect with us on Twitter and LinkedIn.


Media Contact
Henry Ruff