Malicious Phishing Emails Increased by 569% in 2022, According to Annual Report from Cofense

Company’s annual report highlights increasing email security threats impacting organizations globally

LEESBURG, Va.--()--Cofense, the leading provider of phishing detection and response (PDR) solutions, today announced the release of its 2023 Annual State of Email Security Report, which highlights the growing threats that continuously bypass standard email security solutions. As observed by Cofense Intelligence, 2022 saw a 569% increase in malicious phishing emails and a 478% increase in credential phishing-related threat reports published.

Combining a global network of more than 35 million people with artificial intelligence and machine learning, Cofense has access to a dynamic and vast dataset of actionable, advanced threat intelligence. These insights provide Cofense with unmatched visibility into emails bypassing SEGs and hitting users' inboxes, highlighted by a 99.996% accuracy rate on phishing threat analysis over the last year. The annual report is a comprehensive assessment of the trends the Cofense team observed through this data in 2022.

“The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics,” said Tonia Dudley, Vice President and Chief Information Security Officer at Cofense. “As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and cyber insurers. With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture.”

Email Security Trends Hitting Inboxes

Cofense’s crowdsourced methodology provides a view into the malicious emails that are reaching inboxes today. Based on Cofense intelligence, the top five trends in the email security landscape highlight that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations. The top trends for 2022 include:

  • Credential phishing is the top attack vector with a 478% increase in malicious emails identified
  • Emotet & QakBot remain the top malware families
  • Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row
  • Web3 technologies used in phishing campaigns increased by 341%
  • Telegram bots as exfiltration destinations increased by 800%

Top Malware Families to Watch

In 2022, the Cofense team observed a 44% increase in malware as compared to 2021. The report highlights the top five malware families that made up the highest volume of phishing campaigns disseminated in 2022. Several characteristics can make a malware family more appealing to threat actors, such as the malware features, cost, and complexity. In combination, these properties determine how well malware aligns with a threat actor’s agenda for a phishing campaign.

The top five malware families of 2022 include Emotet, Qakbot, Formbook, Agent Tesla and Snake. Most notably, the continued position of Emotet at the top of the list is a testament to its ability to out scale all other malware-delivery campaigns, even after months of inactivity. Additionally, QakBot continues to evolve defensive mechanisms against malware analysis, and phishing emails delivering the malware continue to successfully reach inboxes.

To download the 2023 Annual State of Email Security Report or to register for the webinar that will dive deeper into the report findings on March 29 at 11 AM ET, visit

About Cofense

Cofense® is a global email security company and leading provider of phishing detection and response (PDR) solutions. As the only end-to-end email security solution powered by a global network of more than 35 million users, Cofense applies a unique combination of automated intelligence sources to identify, protect, detect, and respond to email security threats. Utilizing crowdsourced intelligence and machine learning, our platform enables customers to proactively evolve with the threat landscape while better defending and protecting themselves against email attacks. With seamless integration into most major TIPs, SIEMs, and SOARs, Cofense solutions easily align with existing security ecosystems. Threat analysts in our five global phishing defense centers (operating 24×7) work to support Cofense’s more than 2,000 enterprise customers, including 25% of the Fortune 1000, across critical sectors such as defense, energy, financial services, healthcare, and manufacturing. With 27 patents, and more than 500 million simulations delivered, Cofense provides the technology and insight to help businesses improve security, remediate threats, and reduce the risk of compromise. For additional information, please visit or connect with us on Twitter and LinkedIn.


Allison Knight


Allison Knight