There has been a significant surge in brand impersonation attacks targeting users’ most trusted digital services, with Microsoft once again the most exploited brand, appearing in 40% of all phishing attempts worldwide – a significant rise that highlights attackers’ growing focus on widely used productivity platforms.

This is among the findings of the new Brand Phishing Report for Q3 2025 released by Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies.

The dominance of familiar tech brands shows no sign of slowing. Google (9%) and Apple (6%) ranked second and third, respectively, and together, these three companies accounted for more than half of all phishing activity in the last quarter.

PayPal and DHL made notable re-entries into the global top 10 after a long absence, landing in 6th and 10th place, reflecting a widening attacker focus across digital payments and logistics services – critical vectors for both consumers and enterprises.

Omer Dembinsky, data research manager at Check Point Software, comments: “Phishing is no longer just about misspelled emails or poorly designed login pages — it’s now AI-generated, hyper-personalised, and deeply deceptive.

“The fact that 40% of phishing attempts now impersonate Microsoft, and that familiar brands like PayPal and DHL are making a comeback, shows how attackers are doubling down on the services and everyday tools that users trust most. Combating this next wave of phishing requires a prevention-first approach, combining AI-driven security tools with strong authentication and continuous user education.”

The top 10 most imitated brands in Q3 2025 were:

  • Microsoft – 40%
  • Google – 9%
  • Apple – 6%
  • Spotify – 4%
  • Amazon – 3%
  • PayPal – 3%
  • Adobe – 3%
  • Booking.com – 2%
  • LinkedIn – 2%
  • DHL – 2%

After several quarters off the list, PayPal and DHL have re-entered the global top 10, ranking sixth and 10th, respectively.

Their return reflects cybercriminals’ growing focus on financial services and logistics platforms – domains where trust and urgency can be easily manipulated to maximise the success of phishing attempts.

Check Point researchers uncovered a fraudulent DHL website (dhl-login-check[.]org) that mirrored the courier’s official login page and tricked users into entering login and email credentials, phone numbers, and home addresses. For victims, the experience would appear routine, just another package-tracking sign-in, until their personal data was quietly harvested behind the scenes.

In a similar case, Check Point Research identified a phishing site masquerading as PayPal (paypal-me[.]icu), which used social engineering tactics and the promise of fake rewards to lure users into revealing sensitive information including passwords, login credentials, and credit card details.

By blending the familiar look and feel of trusted brands with emotional triggers like urgency or reward, attackers continue to blur the line between legitimate and fraudulent online experiences.

The Technology sector maintained its position as the most targeted industry in Q3 2025, followed by social networks and retail, underscoring how attackers continue to exploit the digital services people depend on every day, including heavily used e-commerce and professional sites. As we enter the big shopping season, an increase in such phishing scams is expected across travel and logistics services, with hackers exploiting users’ trust during the coming holiday season.