<ul data-eligibleForWebStory="false"><li>Cofense reports a significant increase in malicious activities using Spain’s .es top-level domain for phishing attacks, with a 19-fold surge from Q4 2024 to Q1 2025.</li><li>Threat actors are utilizing .es domains to host second-stage phishing pages, primarily impersonating Microsoft services like Outlook alongside other companies like Adobe, Google, and Docusign.</li><li>About 99% of the identified malicious .es domains are hosted on Cloudflare's infrastructure, potentially raising concerns about the ease of deploying malicious content using modern tools.</li><li>Cofense advises organizations to enhance their detection strategies, focusing on subdomain monitoring and brand spoofing detection, as domain abuse patterns serve as early warning signs for evolving threat activities.</li></ul>

Cofense uncovers dramatic rise in phishing attacks using Spain’s .es domains

Discover more