
Check Point Research’s Q1 2025 Brand Phishing Report reveals how cybercriminals increasingly exploit consumer trust in leading technology and financial brands to steal personal, corporate, and payment data through sophisticated phishing schemes
Cybercriminals are increasingly imitating trusted global brands to launch phishing attacks aimed at stealing sensitive data, according to Check Point Research’s (CPR) latest Brand Phishing Report for the first quarter of 2025. The findings shed light on how attackers exploit consumer trust in major technology and financial brands to extract personal, corporate, and payment information.
Leading the list for the second consecutive quarter, Microsoft was the most imitated brand, involved in 36% of phishing attempts worldwide. Google followed with a sharp rise to 12%, while Apple secured the third spot at 8%. These figures highlight how technology giants remain prime targets for threat actors capitalizing on their widespread use in daily digital activity.
In a notable development, Mastercard reappeared in the top 10 rankings for the first time since late 2023, climbing to fifth position with 3% of all phishing attempts. The company’s resurgence on the list reflects a broader shift in cybercriminal strategies, increasingly focused on financial service providers.
"Phishing campaigns exploiting well-known brands continue to dominate the cyber threat landscape," said Omer Dembinsky, Data Research Manager at Check Point Software. "The re-emergence of Mastercard signals a renewed focus on financial fraud. Consumers should exercise caution, especially when handling financial data online."
Tech giants top phishing list
The top ten brands most frequently targeted by phishing attacks in Q1 2025 were led by Microsoft, which accounted for 36% of all attempts. Google followed with 12%, while Apple came in third with 8%. Amazon was the fourth most impersonated at 4%, and Mastercard made a notable return to the rankings at fifth place with 3%. Other frequently mimicked brands included Alibaba, WhatsApp, Facebook, and LinkedIn—each at 2%—while Adobe rounded out the list with 1%.
A surge in phishing campaigns targeting Mastercard users was recorded in February, particularly in Japan. Attackers created convincing fake websites mirroring Mastercard’s official portal to harvest credit card numbers and CVVs. Though the malicious domains—such as mastercard-botan[.]aluui[.]cn and mastercard-transish[.]gmkt7e[.
Another widespread attack involved a spoofed OneDrive login page hosted at login[.]onedrive-micrasoft[.]
Digital platforms under attack
Technology brands were the most frequently impersonated in phishing schemes during Q1, reflecting the global dependence on digital platforms. Social networks and retail platforms followed closely, with brands like Facebook, LinkedIn, WhatsApp, and Amazon also appearing on the hit list.
As cybercriminals refine their methods, experts urge users and organizations to remain vigilant, employ multi-layered security protocols, and verify website authenticity—particularly when dealing with financial or corporate services.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.