Microsoft has once again emerged as the most impersonated brand in global phishing attacks, underscoring how cybercriminals continue to exploit trusted technology platforms to steal credentials and gain access to sensitive systems.
According to Check Point Research (CPR), the threat intelligence unit of cybersecurity firm Check Point Software Technologies, Microsoft accounted for 22% of all brand phishing attempts recorded in the fourth quarter of 2025. The finding extends a multi-quarter pattern in which attackers consistently target widely used enterprise and consumer platforms where compromised identities can unlock emails, cloud services and corporate networks.
Google ranked second, appearing in 13% of phishing campaigns, while Amazon followed in third place with 9%. CPR noted that Amazon’s surge was closely linked to heightened online shopping activity during Black Friday and the holiday season, when users are more likely to engage with urgent delivery and payment messages.
Apple placed fourth with 8%, reflecting continued interest by attackers in exploiting brand loyalty and the value of linked ecosystems. Facebook, owned by Meta, returned to the global top 10 after several quarters of absence, landing fifth with 3%. Its re-entry signals renewed focus by attackers on social-media account takeovers and identity theft.
PayPal, Adobe, Booking, DHL and LinkedIn rounded out the top 10, each accounting for between 1% and 2% of observed phishing attempts.
Omer Dembinsky, Data Research Manager at Check Point Research, said phishing campaigns are becoming increasingly refined, using polished branding, AI-generated content and deceptive domain names that closely resemble legitimate sites. He noted that the continued dominance of Microsoft and Google highlights the growing value of identity-based access to cybercriminals, while the resurgence of platforms such as Facebook and PayPal shows how quickly attackers adapt to exploit trust and urgency.
“The evolution of phishing tactics means organizations can no longer rely on reactive defenses alone,” Dembinsky said, stressing the importance of prevention-first strategies that combine AI-driven threat detection, strong authentication controls and continuous user awareness.
The Q4 2025 ranking reinforces a broader trend identified by CPR: technology and consumer platforms remain the primary drivers of phishing activity globally. As digital identities become central to work, commerce and communication, security experts warn that safeguarding user credentials will remain one of the most critical challenges for organizations and individuals alike.
