- 22% of all brand phishing attempts attempted to impersonate Microsoft
- DHL was the only company in the top 10 that was not a technology company
- Identity is the biggest attack surface for cybercriminals
New data from Check Point has found that Microsoft remained the most spoofed brand in phishing attacks during the final three months of 2025, accounting for nearly a quarter (22%) of all brand phishing attempts.
As is unfortunately very common today, the technology industry is the most affected by brand impersonation: Google (13%), Amazon (9%), Apple (8%), Meta (3%), PayPal (2%), Adobe (2%), Booking (2%) and LinkedIn (1%) have seen similar attempts.
In fact, shipping giant DHL (1%) was the only company that appeared in the top 10 list that was not in the technology sector.
Most Phishing Brand Impersonations Fool Tech Giants
Check Point discovered some seasonal trends that cause fluctuations; For example, Amazon impersonations were likely inflated every fourth quarter by increased holiday shopping traffic, and attackers exploited vulnerabilities in last-minute purchases and high-value purchases.
“The continued dominance of Microsoft and Google reflects their central role in identity, productivity, and authentication workflows, making stolen credentials particularly valuable to attackers,” the researchers explained.
One of the attacks Check Point observed in Q4 2025 was a fake gaming page targeting Roblox users to steal credentials. A fake domain also mimicked Netflix’s official account recovery flow to allow attackers to harvest passwords, and a Spanish-focused Facebook phishing campaign also targeted emails, phone numbers and passwords.
However, one thing rarely changes: phishing is a key attack method for fraudsters, and identity is the primary attack surface in both consumer fraud and business breaches.
This is largely good news, because the same basic cybersecurity hygiene we’ve always been taught still holds true. Technological evolutions have made it more difficult to detect attacks, and AI has only served to make them more sophisticated, but the key principles remain the same: avoid sharing passwords and logging in through potentially suspicious links and instead navigate to the official website via a search engine or by typing in the domain, and use two-factor authentication as a secondary layer of protection.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
