February 2026 Phishing Email Trends Report

This February 2026 phishing email trend report summarizes distribution statistics and representative cases showing attackers using HTML/script-based fake pages, malicious document links, and double-compressed attachments to deliver phishing pages and malware. Notable findings include JS payloads that inject into Aspnet_compiler.exe to execute Remcos RAT, rising use of steganography in attachments, and provided sample MD5 hashes; the full ATIP report contains detailed C2 and phishing body text information.