Phishing attacks are one of the primary intrusion points for cyber criminals. As we examine the phishing threat landscape through the first quarter of 2025, cyber criminals continue to leverage trusted names to deceive unsuspecting users.
Here’s a closer look at the trends, top brands targeted, and most notable incidents we’ve observed thus far in 2025.
Key Highlights
- Microsoft remains the most targeted brand in phishing attacks, accounting for a 36% of all brand phishing incidents in Q1 2025.
- Google has surged to second place with 12% of phishing attempts, while Apple takes third with 8%.
- Mastercard makes a notable comeback, reappearing on the list for the first time since Q3 2023, securing the fifth position.
- The technology sector tops the list of the most impersonated industries, followed by social networks and retail.
Top 10 Most Targeted Brands in Q1 2025
The following brands were the most frequently impersonated in phishing attempts throughout the first quarter of 2025:
- Microsoft – 36%
- Google – 12%
- Apple – 8%
- Amazon – 4%
- Mastercard – 3%
- Alibaba – 2%
- WhatsApp – 2%
- Facebook – 2%
- LinkedIn – 2%
- Adobe – 1%
Phishing Campaign Targeting Mastercard Users
A new and notable development in Q1 was the rise of a phishing campaign targeting Mastercard users.
In February, cyber criminals launched a series of fraudulent websites designed to mimic the official Mastercard site. The campaign, primarily aimed at users in Japan, attempted to steal sensitive financial information such as credit card numbers and CVVs by convincing victims to visit fake “Mastercard” pages.
Several fake sites were identified, including domains such as:
- mastercard-botan[.]aluui[.]cn
- mastercard-pitiern[.]gmkt6q[.]cn
- mastercard-orexicible[.]bvswu[.]cn
- mastercard-transish[.]gmkt7e[.]cn
While these sites are no longer active, the resurgence of Mastercard in the top 10 rankings reflects the focus on financial institutions as phishing targets. This highlights the need for consumers to remain vigilant, especially when accessing websites related to sensitive financial transactions.
OneDrive Login Page Phishing Example
Another alarming incident this quarter involved a phishing attempt designed to steal user credentials by impersonating OneDrive.
Cyber criminals created a fake login page under the domain login[.]onedrive-micrasoft[.]com, closely resembling the official Microsoft OneDrive login page. The fraudulent site mimicked Microsoft’s branding to deceive users into entering their login credentials, including their email and password.
Such incidents demonstrate the ever-evolving tactics of phishing campaigns, with attackers increasingly relying on near-identical replicas of legitimate services to trick users into compromising their security.
Industry Trends: The Rise of Technology Sector Attacks
The technology sector emerged as the most impersonated industry for phishing attacks in Q1 2025. This trend aligns with the growing reliance on technology and cloud-based services, making these platforms attractive targets for cyber criminals. Companies like Microsoft, Google, and Apple lead this charge, as seen in the top three most-targeted brands.
Following closely behind, social networks and retail industries also faced high levels of impersonation. Phishing attacks targeting social media platforms like Facebook, LinkedIn, and WhatsApp, as well as e-commerce giants like Amazon, are on the rise as cyber criminals seek to exploit users’ trust in these popular services.
Protect Against the Dangers of Phishing Attacks
As we progress through 2025, organizations and users alike must stay alert to the evolving threat of phishing attacks. The most frequently targeted brands are not just household names — they are gateways to sensitive personal and financial information. Cyber security awareness, combined with robust protection strategies like multi-factor authentication (MFA), can help minimize the risk of falling victim to these increasingly sophisticated scams. Check Point Harmony Email helps protect organizations from the dangers of phishing attacks. We were proud to have been named a Leader in the 2024 Gartner®Magic Quadrant™ for Email Security Platforms.
The first quarter of 2025 underscores the importance of vigilance, especially for industries in the technology, social network, and retail sectors. By recognizing the tactics used by cyber criminals, users can protect their personal information and reduce the likelihood of being targeted in future phishing campaigns.