The ultimate “must-have” brand for 2026 is Microsoft — but only if you’re a phishing scammer

by

If you look in your email spam folder, you’ll likely find attempts to trick you by pretending to be legitimate companies. Many of these scams involve emails claiming to be from Microsoft.

Check Point reports that in 2025, Microsoft was the target of 22% of all phishing attacks where attackers pretended to be a legitimate brand.

It’s tempting to joke that no one falls for phishing scams because they wouldn’t use a tool like Copilot. However, phishing attacks frequently involve pretending to be well-known technology companies, and we should assume these attacks are successful – otherwise, criminals would stop using them.

We all depend on big tech companies like Microsoft, Google, Amazon, and Apple. Unfortunately, the huge amount of data they hold makes them targets for hackers. If a hacker got into your main accounts, they could steal your personal information, banking details, and other sensitive data.

A common way hackers get into your accounts is by deceiving you into giving them your username and password.

Check Point explains that Microsoft and Google remain leading companies because they are essential for how people log in, get work done, and prove who they are online. This makes usernames and passwords stolen from these platforms especially attractive to hackers.

Late last year, Check Point Research discovered a scheme targeting Roblox players. Attackers used a fake website with a domain name very similar to the real one, and linked it to a page that closely resembled the official Roblox login screen.

These types of schemes often copy the look and feel of well-known websites like Netflix, Facebook, and Microsoft to trick people.

Out of the top ten imitated brands, only one is not a tech company:

  • Microsoft – 22%
  • Google – 13%
  • Amazon – 9%
  • Apple – 8%
  • Facebook (Meta) – 3%
  • PayPal – 2%
  • Adobe – 2%
  • Booking – 2%
  • DHL – 1%
  • LinkedIn – 1%

Microsoft even gets a bonus percentage point since LinkedIn is owned by Microsoft.

Check Point reports that phishing attacks are becoming increasingly sophisticated, exploiting people’s trust in well-known brands. Cybercriminals are using high-quality visuals, slightly altered web addresses, and complex, realistic processes to steal login information without victims realizing it. These attacks closely imitate legitimate online experiences, making it hard to detect fraud.

Checking for typos is still helpful, but phishing scams are now much more sophisticated than they used to be.

Here are some rules to help you reduce your risks:

  • Do not click links marked as urgent or that emphasize they are “about to be deleted.”
  • Check the actual email address of the sender, not just their sender name.
  • Use an authenticator app or some method of multi-factor authentication.
  • Keep an eye out for “lookalike” characters. Attackers can use characters from different alphabets that look like normal letters but appear a bit “off.”
  • Don’t respond to pressure. If an email uses aggressive or pressuring language, it is likely a scam.
  • When in doubt, throw it out: If you think something feels off or looks suspicious, delete it. You can always get in touch with companies in other ways.

As someone who’s really into tech, I always tell people that if you suspect a phishing attempt or scam, definitely report it! Whether it’s to Microsoft directly or through your email provider, letting them know helps them get better at protecting all of us. They actually use that information to improve their security systems, so every report makes a difference.

Read More

2026-01-20 15:10