April 2026 Phishing Email Trends Report

In April 2026, this threat intelligence report documents an active phishing and malware campaign targeting Korean users: Trojans (47%), phishing HTML FakePages (39%), and downloaders (10%) were the most prevalent attachment threats. The report lists common phishing subject lines, example C2 URLs (e.g. https://www.seety.it/crinity/unikorea.go.kr/save.php, https://fkp.su/Page/info.php), mail server/email details used in campaigns, and top MD5 hashes observed, indicating widespread credential theft and malware distribution via double-extensions, embedded phishing pages, compressed archives, and malicious documents.