These are the brands most tPhishing still targets major brands
In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts.
Google surged to second place with 12%, while Apple remained in the top three with 8%.
Notably, Mastercard made a strong comeback, reappearing in the top 10 for the first time since Q3 2023, securing the fifth position.
The Technology sector was the most impersonated industry, followed by Social Networks and Retail.
These are among the findings from the latest Check Point Research (CPR) Brand Phishing Ranking for Q1 2025 that highlights the brands most frequently imitated by cybercriminals to steal personal, corporate and payment information, emphasising the evolving nature of phishing attacks in the digital age.
Omer Dembinsky, data research manager at Check Point Software, comments: “Phishing attacks leveraging trusted brands continue to be a primary threat. The return of Mastercard in the top rankings highlights the motivation of impersonating financial services as a fraud opportunity. Consumers must remain vigilant when interacting with online services, especially those involving sensitive financial data.”
The top 10 brands most frequently targeted by phishing attacks during Q1 2025 were:
- Microsoft – 36%
- Google – 12%
- Apple – 8%
- Amazon – 4%
- Mastercard – 3%
- Alibaba – 2%
- WhatsApp – 2%
- Facebook – 2%
- LinkedIn – 2%
- Adobe – 1%
A notable development in Q1 was the rise of a phishing campaign targeting Mastercard users. In February, cybercriminals launched fraudulent websites designed to mimic the official Mastercard website, primarily targeting users in Japan. The sites aimed to steal sensitive financial information such as credit card numbers and CVVs.
Several fake domains were identified, including:
- mastercard-botan[.]aluui[.]cn
- mastercard-pitiern[.]gmkt6q[.]cn
- mastercard-orexicible[.]bvswu[.]cn
- mastercard-transish[.]gmkt7e[.]cn
While these sites are no longer active, the resurgence of Mastercard in the top 10 rankings highlights a focus on financial institutions as targets for phishing. This serves as a reminder for users to be cautious when engaging with websites related to financial transactions.
Another significant phishing attempt this quarter involved a fake login page designed to steal user credentials by impersonating Microsoft’s OneDrive. Cybercriminals created the domain login[.]onedrive-micrasoft[.]com, which closely resembled the official OneDrive login page. By mimicking Microsoft’s branding, attackers aimed to deceive users into providing their login credentials, including email addresses and passwords.
These incidents underline the evolving tactics of cybercriminals, who continue to rely on highly convincing replicas of legitimate services to trick users into compromising their security.
The Technology sector emerged as the most impersonated industry in Q1 2025. As businesses and consumers increasingly rely on technology and cloud-based services, these platforms remain attractive targets for cyber criminals.
Leading tech companies such as Microsoft, Google, and Apple were among the most targeted brands.
The Social Networks and Retail sectors also saw significant impersonation, with phishing attacks targeting platforms like Facebook, LinkedIn, WhatsApp, and major e-commerce sites like Amazon.