Microsoft tops list of most spoofed brands in phishing attacks

According to Tech Radar, Microsoft has once again been identified as the most impersonated brand in phishing attempts during the fourth quarter of 2025, accounting for 22% of all such attacks.

The technology sector continues to be the primary target for brand impersonation, with Google, Amazon, and Apple also appearing frequently in phishing campaigns. DHL was the only non-tech company in the top 10. Attackers exploit the central role of tech companies in identity, productivity, and authentication to steal credentials. Observed attacks included fake game pages targeting Roblox users, attacks mimicking Netflix's account recovery to harvest passwords, and a Spanish-focused Facebook campaign targeting personal information. Identity remains the most significant attack surface for cybercriminals across both consumer and enterprise sectors.

Despite advancements in attack sophistication, including the use of AI, basic cybersecurity hygiene remains crucial. Users are advised to avoid sharing passwords, be wary of suspicious links, and navigate directly to official websites. Implementing two-factor authentication provides an essential additional layer of security against these persistent threats.

Source: Tech Radar