Microsoft ranked as the most impersonated brand in phishing attacks during the fourth quarter of 2025, overtaking Facebook, according to new cybersecurity research.
The findings were published by Guardio Labs, which tracked global phishing trends toward the end of the year.
Cybercriminals Capitalise on High-Activity Periods
The report revealed that threat actors strategically intensified phishing campaigns during periods when users were more likely to expect legitimate messages. These included year-end account checks, subscription renewals, holiday shopping, and job application seasons.
Guardio Labs observed notable surges in phishing attempts around Black Friday sales, the peak delivery window of December, and the early January job-hunting period, when user attention is often divided.
Microsoft’s Ecosystem Attracts Attackers
Researchers attributed Microsoft’s position at the top of the rankings to the scale of its digital footprint, spanning email services, cloud infrastructure, productivity software, and enterprise solutions.
Attackers commonly deploy spoofed login portals, fake security notifications, and fraudulent billing messages that closely imitate legitimate Microsoft communications, making phishing attempts harder to detect.
“Threat actors significantly increased brand impersonation throughout Q4 2025, targeting moments when users are most active online,” Guardio Labs said.
Multiple Trusted Brands Abused
Although Microsoft led the list, the study found that cybercriminals relied on several globally recognised brands to gain user trust.
In addition to Microsoft and Facebook, attackers impersonated platforms such as Roblox and McAfee to reduce suspicion and increase success rates.
Facebook, which previously topped impersonation rankings, remains a frequent target, with scammers continuing to use fake account recovery and security alert messages to steal credentials.
Children and Teen-Focused Platforms Under Growing Threat
One of the most alarming trends highlighted in the report is the rising targeting of platforms popular with younger users.
Roblox ranked third among the most impersonated brands in Q4 2025. Phishing campaigns posing as the gaming platform often promise free in-game currency or exclusive digital items, or warn of urgent account suspensions.
Guardio Labs warned that children are often tricked into fake “verification” processes that steal login details. At the same time, parents are targeted with fraudulent support pages designed to capture payment and gift-card information.
Advanced Phishing Kits Heighten Risk
The research also pointed to the growing sophistication of phishing tools. Modern phishing kits are now capable of harvesting session cookies and multi-factor authentication tokens, not just usernames and passwords, enabling deeper account compromise.
Beyond technology firms, attackers are expanding impersonation efforts across gaming, telecoms, cybersecurity, e-commerce, and cryptocurrency sectors, seeking access to accounts containing sensitive financial and personal data.
Most Impersonated Brands in Q4 2025
Guardio Labs identified the following as the top impersonated brands during the quarter:
- Microsoft
- Roblox
- McAfee
- Steam
- AT&T
- Amazon
- Yahoo
- Coinbase
Conclusion
Microsoft’s rise to the top of phishing impersonation rankings highlights how cybercriminals increasingly exploit widely trusted digital brands. As attackers refine their tactics, time campaigns around high-traffic periods, and target younger audiences, cybersecurity experts stress the need for stronger user awareness and improved security controls to curb phishing threats heading into 2026.



