Date: 2026-01-06

Microsoft emerged as the most impersonated brand in phishing attacks in the fourth quarter of 2025, overtaking Facebook, as cybercriminals increasingly exploited trusted global brands to deceive victims, according to new research.

Findings from Guardio Labs show that by the end of 2025, attackers intensified brand impersonation campaigns, carefully timing them to periods when users were more distracted or expecting legitimate communications, such as year-end account reviews, subscription renewals, holiday shopping, and job searches.

Researchers noted that phishing activity surged during Black Friday promotions, December’s peak package delivery period, and early January job-hunting season, creating fertile ground for fraud.

What the research report is saying

According to the report, Microsoft’s vast digital ecosystem—including email services, cloud storage, productivity tools, and enterprise platforms—makes it an attractive target for cybercriminals.

Fake login pages, fabricated security alerts, and fraudulent billing notices are often designed to closely mimic legitimate Microsoft communications, making them difficult for users to distinguish from genuine messages.

“Scammers ramped up brand impersonation attacks throughout Q4 2025, targeting moments when people are busiest online,” Guardio Labs said.

But the attacks were not targeting Microsoft alone. “They abused well-known brands such as Microsoft, Facebook, Roblox, and McAfee to lower users’ guard,” the report added.

Researchers warn that modern phishing kits have become increasingly sophisticated, capable of stealing not only passwords but also session cookies and multi-factor authentication tokens.

Rising concern over youth-targeted scams

While Microsoft and Facebook dominated the rankings, the research also highlighted a growing trend that is raising alarm among cybersecurity experts: the increasing targeting of platforms popular with children and teenagers.

Roblox ranked third among the most impersonated brands in Q4 2025. Phishing campaigns impersonating the gaming platform often lure victims with promises of free in-game currency, exclusive virtual items, or urgent account suspension notices.

According to Guardio Labs, children frequently encounter fake giveaways that require “verification,” leading to stolen login details, while parents are targeted with fake support sites designed to harvest payment information during gift card purchases or redemptions.

Other brands under attack

Facebook, which previously topped phishing impersonation rankings, remains a major target for scammers, with fake security alerts and account recovery messages commonly used to steal user credentials.

Beyond major technology firms, cybercriminals are also impersonating brands across gaming, telecommunications, cybersecurity, e-commerce, and cryptocurrency sectors as they seek access to accounts with stored financial or personal data.

The top 10 most impersonated brands in Q4 2025 include:

1. Microsoft
2. Facebook
3. Roblox
4. McAfee
5. Steam
6. AT&T
7. Amazon
8. Google
9. Yahoo
10. Coinbase

What you should know

In a different report by Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd., Microsoft was also found to be the most impersonated brand for Q2 2025.

According to the report, Microsoft appeared in 25% of all phishing attempts globally between April and June 2025. Google followed with 11%, while Apple held third with 9%.

A phishing attack is a type of cyberattack where attackers try to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data, by masquerading as a trustworthy entity.