Check Point Research Unveils Q1 2025 Brand Phishing Trends: Microsoft Dominates as Top Target, Mastercard Makes a Comeback

Technology and Social Networks Remain Top Imitated Brands in Phishing Attacks, Emphasising the Importance of Enhanced Security Measures

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP) and  a pioneer and global leader of cyber security solutions, has released its latest Brand Phishing Ranking for Q1 2025. This report highlights the brands most frequently imitated by cybercriminals to steal personal, corporate and payment information, emphasising the evolving nature of phishing attacks in the digital age. 

In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts. Google surged to second place with 12%, while Apple remained in the top 3 with 8%. Notably, Mastercard made a strong comeback, reappearing in the top 10 for the first time since Q3 2023, securing the fifth position. The Technology sector was the most impersonated industry, followed by Social Networks and Retail. 

Omer Dembinsky, Data Research Manager at Check Point Software, commented, “Phishing attacks leveraging trusted brands continue to be a primary threat. The return of Mastercard in the top rankings highlights the motivation of impersonating financial services as a fraud opportunity. Consumers must remain vigilant when interacting with online services, especially those involving sensitive financial data.” 

Top 10 Targeted Brands in Q1 2025

Below are the top 10 brands most frequently targeted by phishing attacks during Q1 2025:

1. Microsoft – 36%
2. Google – 12%
3. Apple – 8%
4. Amazon – 4%
5. Mastercard – 3%
6. Alibaba – 2%
7. WhatsApp – 2%
8. Facebook – 2%
9. LinkedIn – 2%
10. Adobe – 1%

Phishing Campaign Targeting Mastercard Users

A notable development in Q1 was the rise of a phishing campaign targeting Mastercard users. In February, cybercriminals launched fraudulent websites designed to mimic the official Mastercard website, primarily targeting users in Japan. The sites aimed to steal sensitive financial information such as credit card numbers and CVVs. Several fake domains were identified, including:

• mastercard-botan[.]aluui[.]cn
• mastercard-pitiern[.]gmkt6q[.]cn
• mastercard-orexicible[.]bvswu[.]cn
• mastercard-transish[.]gmkt7e[.]cn

While these sites are no longer active, the resurgence of Mastercard in the top 10 rankings highlights a focus on financial institutions as targets for phishing. This serves as a reminder for users to be cautious when engaging with websites related to financial transactions. 

OneDrive Login Page Phishing Example

Another significant phishing attempt this quarter involved a fake login page designed to steal user credentials by impersonating Microsoft’s OneDrive. Cybercriminals created the domain login[.]onedrive-micrasoft[.]com, which closely resembled the official OneDrive login page. By mimicking Microsoft’s branding, attackers aimed to deceive users into providing their login credentials, including email addresses and passwords.

These incidents underline the evolving tactics of cybercriminals, who continue to rely on highly convincing replicas of legitimate services to trick users into compromising their security.

Industry Trends: The Rise of Technology Sector Attacks

The Technology sector emerged as the most impersonated industry in Q1 2025. As businesses and consumers increasingly rely on technology and cloud-based services, these platforms remain attractive targets for cyber criminals. Leading tech companies such as Microsoft, Google, and Apple were among the most targeted brands. The Social Networks and Retail sectors also saw significant impersonation, with phishing attacks targeting platforms like Facebook, LinkedIn, WhatsApp, and major e-commerce sites like Amazon.