Checkpoint Research Reveals Q3 2025 Brand Phishing Trends: Microsoft Retains Top Spot

Checkpoint Research Unveils Brand Phishing Landscape for Q3 2025

Checkpoint Research, a leading entity in cyber threat intelligence, has released its brand phishing report for the third quarter of 2025. This report underscores a concerning trend: a significant surge in phishing attacks that impersonate trusted digital services, predominantly targeting consumers and businesses alike.

Dominance of Major Brands

The report indicates that Microsoft continues to be the brand most frequently targeted by phishing schemes, accounting for a staggering 40% of all phishing attacks globally. This marks a substantial increase from previous assessments, revealing a focused effort by attackers to exploit highly-used enterprise platforms. Following Microsoft are tech giants Google and Apple, capturing 9% and 6% of attacks respectively. In fact, the top three brands contribute to over half of all phishing incidents reported in this quarter.

In a noteworthy shift, both PayPal and DHL have made returns to the top 10, ranking 6th and 10th, respectively. This trend reflects a broader assault on vital digital payment and logistics services, where the stakes are high, and user trust is paramount. As cybercriminals adapt, the implications for consumers are increasingly severe.

Evolving Phishing Strategies

Omer Dembinsky, Data Research Manager at Checkpoint, emphasized the changing face of phishing attacks. He explained that modern phishing tactics have moved beyond the stereotypical misspelled emails and crude login pages. Nowadays, attackers utilize AI-driven methods to create highly personalized and sophisticated schemes, blurring the line between legitimate services and scams.

To combat these next-generation phishing strategies, Dembinsky urged a proactive approach that includes deploying AI-powered security tools, implementing multi-factor authentication, and promoting ongoing user education to enhance awareness.

Spotlight on Hijacked Brands

The report lists the top brands most frequently impersonated in Q3 2025:

1. Microsoft (40%)
2. Google (9%)
3. Apple (6%)
4. Spotify (4%)
5. Amazon (3%)
6. PayPal (3%)
7. Adobe (3%)
8. Booking.com (2%)
9. LinkedIn (2%)
10. DHL (2%)

The resurgence of PayPal and DHL into the top ranks serves as a stark warning. Attackers are honing in on financial services and logistics platforms where emotional triggers such as urgency and rewards can easily exploit user vulnerabilities.

Checkpoint Research uncovered various examples, including a phishing site disguised as DHL’s official login page (dhl-login-check[.]org), which tricked users into providing sensitive information like passwords and addresses. Similarly, another phishing site masquerading as PayPal (paypal-me[.]icu) promised false rewards, further emphasizing the blend of social engineering techniques used by cybercriminals to deceive unsuspecting users.

Continuation of Tech Industry Targeting

As the study reveals, the technology sector remains the primary focus of phishing attacks, followed closely by social media and retail sectors. Given the rapid approach of the year-end shopping season, it is anticipated that attackers will increasingly prey on users’ trust during the holiday period, targeting logistics and travel services.

Checkpoint Research is committed to providing timely insights on cyber threats to aid its clients and the broader threat intelligence community in combating these emerging issues. With over 100 analysts and researchers, the team collaborates closely with security vendors, law enforcement, and various CERT organizations to fortify cybersecurity measures globally.

About Checkpoint Research

Checkpoint Research analyzes and gathers data on cyberattacks from around the globe, contributing to the efficacy of Checkpoint's threat intelligence solutions embedded in their products. The organization strives to deter hackers and improve protective features continually. Checkpoint operates as a leading provider of cyber security solutions worldwide, ensuring thousands of enterprises are protected through its advanced Infinity Platform.

For more information, please visit Checkpoint's official channels.