- 22% of all brand phishing attempts tried to impersonate Microsoft
- DHL was the only company in the top 10 that wasn't a tech firm
- Identity is the biggest attack surface for cybercriminals
Recent findings from Check Point reveal that Microsoft continues to be the most spoofed brand in phishing attacks, accounting for nearly one-quarter (22%) of all attempts.
The technology sector is notably the most targeted, with brands like Google (13%), Amazon (9%), Apple (8%), Meta (3%), PayPal (2%), Adobe (2%), Booking (2%), and LinkedIn (1%) also facing significant impersonation attempts.
Interestingly, DHL (1%) is the only non-tech company in the top 10 list.
Most Phishing Brand Impersonations Spoof Tech Giants
Check Point identified seasonal trends influencing these figures; for instance, Amazon impersonations tend to spike during Q4 due to increased holiday shopping, as attackers exploit vulnerabilities associated with last-minute purchases.
The researchers noted, "The continued dominance of Microsoft and Google reflects their central role in identity, productivity, and authentication workflows – making stolen credentials particularly valuable to attackers."
One notable attack observed in Q4 2025 involved a fake game page targeting Roblox users to steal credentials. Additionally, a fraudulent domain mimicked Netflix's official account recovery process to harvest passwords, while a phishing campaign focused on Spanish-speaking users targeted emails, phone numbers, and passwords.
Phishing remains a prevalent attack method for scammers, with identity being the primary target across both consumer fraud and enterprise breaches.
Fortunately, the fundamental principles of cybersecurity remain effective. Despite advancements in technology making attacks more sophisticated, the core advice holds true: avoid sharing passwords and logging in through suspicious links. Instead, navigate to official websites directly and utilize two-factor authentication for added security.