- 22% of all brand phishing attempts attempted to impersonate Microsoft
- DHL was the only company in the top 10 that was not a technology company
- Identity is the biggest attack surface for cybercriminals
New data from Check Point reveals that Microsoft remained the most spoofed brand in phishing attacks over the final three months of 2025, accounting for nearly a quarter (22%) of all brand phishing attempts.
As is unfortunately all too common these days, the tech industry is most affected by brand impersonation, with Google (13%), Amazon (9%), Apple (8%), Meta (3%), PayPal (2%), Adobe (2%), Booking (2%), and LinkedIn (1%) all experiencing similar attempts.
In fact, shipping giant DHL (1%) was the only company in the top 10 not in the technology sector.
Most phishing brand impersonations impersonate tech giants
Check Point has discovered some seasonal trends that cause fluctuations: for example, Amazon spoofs were likely inflated each quarter by increased Christmas shopping traffic, with attackers exploiting vulnerabilities in last-minute and high-value purchases.
“The continued dominance of Microsoft and Google reflects their central role in identity, productivity, and authentication workflows, making stolen credentials particularly valuable to attackers,” the researchers explained.
One of the attacks Check Point observed in Q4 2025 was a fake gaming page targeting Roblox users to steal credentials. A fake domain also mimicked Netflix’s official account recovery flow to allow attackers to harvest passwords, and a Facebook phishing campaign focused on Spain also targeted emails, phone numbers and passwords.
However, one thing rarely changes: phishing is a key attack method for fraudsters, and identity is the primary attack surface for consumer fraud and enterprise breaches.
Much of this is good news, because the same basic cybersecurity hygiene that we’ve always been taught still applies. Technological developments have made it more difficult to detect attacks, and AI has only made them more sophisticated, but the key principles remain the same: avoid sharing passwords and logging in via potentially suspicious links and instead navigate to the official site via a search engine or by typing in the domain, and use two-factor authentication for a secondary layer of protection.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
