Microsoft remains the most imitated brand in phishing scams
Microsoft was the most impersonated brand in worldwide phishing attacks during the third quarter of 2025. 40 percent of such attempts used the company’s name, according to Check Point Research’s Brand Phishing Report for Q3.
Google took the second spot with 9 percent of global phishing activity, while Apple was third with 6 percent. Together, those three names accounted for more than half of all brand impersonation attempts in the period.
SEE ALSO: Q3 ransomware attacks up 36 percent year-on-year
Brand-based scams are on the rise. Attackers use the tried and tested approach of targeting trusted digital services to trick users into sharing credentials or payment information.
Check Point found that fake websites and login pages are becoming more sophisticated. Many mirror official sites down to layout, color palette, and domain structure. Victims are often directed to these pages via convincing emails or text messages.
Microsoft popularity
Microsoft took the top spot because of its software’s popularity with consumers and businesses. Outlook, Teams, and OneDrive are common entry points, giving criminals an easy way to frame their messages as normal account updates or verification requests.
The report also shows that PayPal and DHL have re-entered the global top ten, ranking sixth and tenth. The focus on finance and logistics suggests attackers are widening their targets beyond tech companies. These services appeal to criminals because they deal directly with payments and deliveries, both of which encourage quick user responses.
Researchers uncovered a fraudulent DHL site hosted at dhl-login-check[.]org. It reproduced the genuine login page and collected email addresses, phone numbers, and passwords. Another site, paypal-me[.]icu, copied PayPal’s branding and promised fake rewards to tempt users into revealing their details.
Omer Dembinsky, Data Research Manager at Check Point Software, said phishing has changed dramatically in both quality and intent. “Phishing is no longer just about misspelled emails or poorly designed login pages; it’s now AI-generated, hyper-personalized, and deeply deceptive,” he explained. “The fact that 40 percent of phishing attempts now impersonate Microsoft, and that familiar brands like PayPal and DHL are making a comeback, shows how attackers are doubling down on the services and everyday tools that users trust most. Combating this next wave of phishing requires a prevention-first approach, combining AI-driven security tools with strong authentication and continuous user education.”
The report concludes that awareness and layered protection remain the most effective defenses. Multi-factor authentication, URL verification, and regular staff training can reduce exposure to these attacks.
Phishing continues to evolve, and with trusted names at the center of most campaigns, Microsoft’s position at the top of the list is unlikely to change soon.
What do you think about Microsoft’s continued role as the main target for phishing? Let us know in the comments.