According to the Cofense Annual Report 2026, attackers are now launching one malicious phishing email every 19 seconds. That’s more than twice as fast as last year.
To put it in perspective:
- 2024: One attack every 42 seconds
- 2025: One attack every 19 seconds
This isn’t a small jump, it’s a fundamental shift in how phishing campaigns operate.
AI Has Changed the Phishing Game
Phishing emails used to be easy to spot. Poor grammar, generic messages, obvious red flags.
That’s no longer the case.
With AI, attackers can instantly generate thousands of unique, polished, and targeted emails. Instead of reusing the same template, every message can look different, and convincingly legitimate.
Today’s phishing emails often resemble:
- Real invoices
- HR or payroll requests
- Microsoft or cloud login alerts
- Internal company conversations
The result? Emails that feel authentic and slip past both users and filters.
Most Phishing Content Is Brand New
One of the most troubling findings in the Cofense report is how little reuse attackers rely on now:
- 76% of phishing URLs were unique
- 82% of malicious attachments had unique hashes
This is critical because many email security tools still depend on recognizing known threats. When nearly every email is new, traditional detection methods struggle to keep up.
Trusted Business Tools Are Being Exploited
Attackers are also abusing legitimate platforms to appear trustworthy.
Cofense reports massive growth in phishing campaigns that misuse remote access tools like:
- GoTo
- ScreenConnect
Some of these attacks increased by up to 900%. Because these tools are widely trusted, they often bypass basic security checks, giving attackers a dangerous advantage.
New Domains Help Attackers Stay Invisible
Domain strategy is evolving too.
Cofense observed a 51x year-over-year increase in phishing campaigns using certain country-code domains, such as .es. Constantly rotating domains allows attackers to evade reputation-based blocking systems before defenses can catch up.
Why This Matters
The takeaway is clear:
- Email is still the #1 entry point for cyberattacks
- AI is allowing attackers to scale faster than legacy defenses
- Phishing emails now look more human, more personal, and more believable
Even strong secure email gateways can be overwhelmed when every message, link, and attachment is unique.
Email Security Takeaway
AI-powered phishing isn’t a future risk, it’s already here, operating at massive scale.
With attacks firing off every 19 seconds, organisations must prioritize:
- Detection beyond traditional filtering
- Rapid response after emails are delivered
- Strong user reporting and awareness
- Layered, adaptive email security controls
Phishing is evolving faster than ever, and email defenses must evolve even faster to keep up.
