Check Point Research (CPR), the threat intelligence division of Check Point Software Technologies, has released its Q1 2025 Brand Phishing Ranking, revealing that Microsoft remains the most impersonated brand in phishing attacks, accounting for 36% of all attempts.

The report, published on April 22, 2025, highlights the persistent targeting of trusted global brands by cybercriminals aiming to steal personal, corporate, and payment information. Google surged to second place with 12% of attacks, while Apple held steady in third with 8%. Notably, Mastercard made a significant comeback, reappearing in the top 10 at fifth place for the first time since Q3 2023, driven by a targeted campaign in Japan. The technology sector continues to dominate as the most impersonated industry, followed by social networks and retail.

A key incident in Q1 2025 involved a sophisticated phishing campaign mimicking Mastercard’s official website, primarily targeting Japanese users to steal credit card details and CVVs. Another prominent attack featured a fraudulent Microsoft OneDrive login page under the domain login[.]onedrive-micrasoft[.]com, designed to harvest user credentials. These incidents underscore the evolving tactics of cybercriminals, who leverage highly convincing replicas of legitimate services to exploit user trust. Omer Dembinsky, Data Research Manager at Check Point Software, emphasized the growing threat of phishing attacks, particularly those targeting financial services like Mastercard, urging consumers to exercise caution when engaging with online platforms, especially those involving sensitive data.

The report highlights the broader implications of these trends, with the technology sector’s dominance reflecting the increasing reliance on cloud-based services. As businesses and consumers deepen their digital engagement, platforms like Microsoft, Google, and Apple remain high-value targets. CPR advises users to verify email sources, avoid suspicious links, and enable multi-factor authentication to mitigate risks. With phishing attacks showing no signs of slowing, organizations must prioritize employee training and robust security measures to combat these evolving threats. The resurgence of financial brands like Mastercard in phishing campaigns signals a renewed focus on stealing payment credentials, making vigilance critical in 2025.