Microsoft becomes most spoofed brand in phishing attacks (again)

Published: 6 January 2026
Last updated: 7 January 2026
Hacker Windows
Image by Cybernews.

Microsoft overtook Facebook in Q4 2025 as the most impersonated brand in phishing attacks, according to researchers. Scammers are also increasingly abusing brands popular with kids, raising concerns about youth-targeted fraud.

Cybercriminals are leaning harder than ever on trusted brand names to trick victims. By the end of 2025, Microsoft had become the most impersonated brand in phishing attacks, overtaking Facebook, according to new research.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Google News Follow us
ADVERTISEMENT

The shift, observed during the final quarter of the year, reflects how attackers adapt to moments when users are distracted, overloaded, or when they are expecting to receive legitimate messages.

The research from Guardio Labs suggests that scammers continue using brand trust to bypass users’ defenses, with researchers noting that phishing activity surged around year-end account reviews.

“Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions, or looking for jobs,” Guardio researchers wrote, noting that phishing activity surged around year-end account reviews, subscription renewals, holiday shopping, and job searches.

“They targeted Microsoft, Facebook, Roblox, and McAfee by launching fake storefronts during Black Friday, sending delivery scams throughout December's package delivery rush, and running job scams as January job hunting picks up.”

Guardio

Microsoft’s rise to top not unexpected

Microsoft’s sprawling ecosystem – including email, cloud storage, productivity tools and enterprise services – offers attackers a vast attack surface, meaning that its position as number one imitated brand is not a surprise.

Fake login pages, fabricated security alerts, and bogus billing notices are routinely designed to look indistinguishable from real Microsoft communications.

Fakemicrosoftloginpage
Fake Microsoft login page. Guardio
ADVERTISEMENT

We’ve reported how scammers really like to impersonate Microsoft in part because a single compromised account can grant access to emails, files, and even workplace systems.

In some studies, Microsoft-branded phishing pages accounted for the majority of all detected brand impersonation attacks worldwide.

The Cybernews community is talking about this. Be a part of the conversation.

Microsoft accounts remain a target for attackers as phishing kits grow more sophisticated and capable of stealing not only passwords but also session cookies and multi-factor authentication tokens.

But while Microsoft dominated the rankings overall (with Facebook a close second), Guardio’s data also highlights a more worrying trend: phishing campaigns are increasingly targeting platforms with younger audiences, who probably aren’t as security-savvy.

Roblox scams target younger audiences

Third on the list of most impersonated brands was Roblox, a platform used heavily by children and teenagers. Security researchers say that makes Roblox themed scams particularly effective, and especially concerning.

Phishing attacks impersonating Roblox often promise free in-game currency, exclusive items or urgent account suspension warnings.

Robloxscamwebsite
Roblox scam website. Guardio
ADVERTISEMENT

“Kids encounter fake giveaways requiring ‘verification’ that steal passwords, while parents find fake support sites that harvest payment information when trying to purchase or redeem gift cards. The platform's young user base makes these scams particularly effective,” the report states.

Top 10 Most imitated Brands in Q4 2025

  1. Microsoft
  2. Facebook
  3. Roblox
  4. McAffee
  5. Steam
  6. AT&T
  7. Amazon
  8. Google
  9. Yahoo
  10. Coinbase

The research shows that Facebook, which had previously topped phishing impersonation rankings, still remains one of the most impersonated brands globally, with attackers frequently abusing fake security alerts and account-recovery notices to steal credentials.

Beyond the big technology brands to appear (Amazon , Google, Yahoo) there are gaming platforms, telecom (AT&T), security tools (McAfee), shopping (Amazon) and crypto services (Coinbase) which are being spoofed as fraudsters hunt for credentials, financial data, or access to accounts with stored payment information.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked