- 22% of all brand phishing attempts tried to impersonate Microsoft
- DHL was the only company in the top 10 that was not a technology company
- Identity is the biggest attack surface for cybercriminals
New data from Check Point has found that Microsoft remained the most counterfeited brand in phishing attacks during the last three months of 2025, accounting for nearly a quarter (22%) of all brand phishing attempts.
As is unfortunately all too common these days, the tech industry is most affected by trademark imitation, with Google (13%), Amazon (9%), Apple (8%), Meta (3%), PayPal (2%), Adobe (2%), Booking (2%) and LinkedIn (1%) all seeing similar attempts.
In fact, shipping giant DHL (1%) was the only company to appear in the top 10 list that did not belong to the technology sector.
Most imitation phishing brands spoof tech giants
Check Point revealed some seasonal trends that cause fluctuations – for example, Amazon impersonations were likely inflated every 4 quarters by higher Christmas shopping traffic, with attackers exploiting vulnerabilities during last-minute shopping and high-value purchases.
“The continued dominance of Microsoft and Google reflects their central role in identity, productivity and authentication workflows – making stolen credentials particularly valuable to attackers,” the researchers explained.
One of the attacks Check Point observed in Q4 2025 was a fake game page that targeted Roblox users to steal credentials. A fake domain also mimicked Netflix’s official account recovery flow to enable attackers to harvest passwords, and a Spanish-focused Facebook phishing campaign also targeted emails, phone numbers and passwords.
However, one thing rarely changes – phishing is a key attack method for fraudsters, and identity is the top attack surface across both consumer fraud and enterprise breaches.
This is mostly good news because the same basic cybersecurity hygiene we’ve always been taught still applies. Technological developments have made it harder to detect attacks and AI has only served to make them more sophisticated, but the key principles remain the same – avoid sharing passwords and logging in via potentially suspicious links and instead navigate to the official website via a search engine or enter the domain, and use two-factor authentication for a secondary layer of protection.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
