In the first quarter, phishing scammers impersonated Microsoft more than any other single brand, with the IT giant accounting for 36% of all brand phishing attempts, according to a recent report from Check Point Research. This marks a continuation of scammers favoring Microsoft from previous quarters, as cybercriminals continue to exploit the company’s widespread usage and familiarity among users.
Google and Apple Follow as Prime Targets
Fellow tech giants Google and Apple took second and third place, accounting for 12% and 8% of brand impersonation attempts, respectively. The report highlights the increasing trend of cybercriminals leveraging the credibility of major technology platforms to lure victims into disclosing sensitive information such as login credentials or financial data.
Mastercard Makes a Comeback
Mastercard has returned to the list for the first time since Q3 2023, securing the fifth position with 3% of phishing activity. Check Point explains Mastercard’s reappearance by pointing to a significant phishing campaign targeting Mastercard users in Japan. The campaign used fraudulent websites that closely resembled the official Mastercard page to collect personal and financial information, including credit card numbers and CVV codes.
Fake sites included:
- mastercard-botan[.]aluui[.]cn
- mastercard-pitiern[.]gmkt6q[.]cn
- mastercard-orexicible[.]bvswu[.]cn
- mastercard-transish[.]gmkt7e[.]cn
Check Point notes that, while these sites are no longer active, Mastercard’s resurgence reflects a broader focus on financial institutions as phishing targets.
Top 10 Most Imitated Brands in Q1 2025
According to Check Point’s research, the following brands were the most frequently impersonated in phishing attempts throughout the first quarter of 2025:
- Microsoft – 36%
- Google – 12%
- Apple – 8%
- Amazon – 4%
- Mastercard – 3%
- Alibaba – 2%
- WhatsApp – 2%
- Facebook – 2%
- LinkedIn – 2
- Adobe – 1%
Technology Sector Remains a Prime Target
Clearly, the tech sector is the most targeted industry, with phishing campaigns frequently masquerading as well-known software and platform providers. This trend aligns with the growing dependence on digital services in both personal and professional contexts. Social networks and retail brands were also heavily targeted, often through fake login portals or promotional scams.
Phishing Methods Grow Increasingly Sophisticated
The report also highlights an increase in the sophistication of phishing tactics. Fake websites are becoming increasingly convincing, often using lookalike domains and copied branding to deceive users. Moreover, while attackers continue to rely on email as the primary vector for these campaigns, they are also leveraging SMS (smishing) and messaging apps to increase their reach and credibility.
Recommendations
To combat brand impersonation, Check Point researchers recommend:
- Verifying the authenticity of email senders and links
- Avoiding the sharing of personal information through unsolicited messages
- Using multi-factor authentication wherever possible
- Keeping systems and software up to date
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.