Microsoft remains the most imitated brand in phishing attacks, followed by Google, Amazon, and Apple.
Each quarter, Check Point tracks which brand names are most often abused by cybercriminals in phishing attacks. As usual, the major tech platforms top the list. Microsoft was once again the most imitated brand in phishing attacks in the fourth quarter of 2025, accounting for 22 percent of all attempts. In the third quarter, that was still forty percent.
According to Check Point Research, Google (13 percent) and Amazon (9 percent) ranked second and third, respectively. Amazon surpassed Apple due to the busy holiday season. After a long absence, Meta is once again part of the top ten. The full list also includes brands such as PayPal, Adobe, Booking, DHL, and LinkedIn.
For the youngest readers among us, there is extra attention on phishing campaigns targeting children. These mimic popular games like Roblox. So no one is spared from cybercrime.
Account recovery
The popularity of Microsoft and Google among phishers is related to their central role in digital workflows. Stolen login credentials from these services often provide broad access to personal and professional accounts. Another method that Check Point sees emerging is the imitation of account recovery pages.
For example, a phishing domain was discovered that posed as Netflix and asked users for their login credentials. The layout was very similar to that of the real site. A similar page also appeared in Spanish that imitated Facebook.
With these quarterly surveys, Check Point wants to warn that phishing via brand names remains successful. Criminals abuse the trust in well-known companies by making subtle differences in domains and visual elements. As a result, users often do not recognize that it is a fraudulent website. Check Point continues to monitor these campaigns to help companies and users recognize and avoid phishing.
read also