A new report by Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd., has revealed that Microsoft, Google, and Spotify were the most impersonated brands for phishing attacks in Q2 2025.
According to the report, Microsoft was the most impersonated brand, appearing in 25% of all phishing attempts globally between April and June 2025.
Google followed with 11%, while Apple held third with 9%.
In a notable twist, Spotify made a dramatic return to the top 10 for the first time since Q4 2019, ranking fourth with 6% of phishing activity.
Other frequently impersonated brands included Adobe, LinkedIn, Amazon, Booking.com, WhatsApp, and Facebook.
A phishing attack is a type of cyberattack where attackers try to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data, by masquerading as a trustworthy entity.
Technology still the number one target
Check Point noted that the technology sector remains the most impersonated industry, as attackers exploit user trust in software, cloud, and authentication platforms to steal login credentials and payment data.
Commenting on the findings, Data Research Manager at Check Point Software, Omer Dembinsky, said:
“Cybercriminals continue to exploit the trust users place in well-known brands. The resurgence of Spotify and the surge in travel-related scams, especially during the Northern Hemisphere’s holiday season, show how phishing attacks are adapting to user behavior and seasonal trends.”
- One of the most prominent phishing attacks of the quarter centered on Spotify. Attackers built a fake login page that mimicked the real Spotify experience, prompting users to enter their usernames and passwords.
- Once entered, users were redirected to a counterfeit payment page designed to steal credit card details.
- This campaign indicated a wider shift toward targeting entertainment and subscription services, reflecting users’ increased dependence on digital platforms for music, video, and content.
Booking.com scam sees 1000% spike
The travel sector also saw a sharp increase in phishing activity, with over 700 Booking.com-themed phishing domains created in Q2.
Many of these used a “confirmation-id**.com” format, embedding real user data like names and contact details to heighten credibility and urgency.
These personalized scams reflect the growing sophistication of phishing attackers, who now use data-driven tactics to enhance their credibility.
What you should know
While these phishing campaigns are global, Nigerian businesses and digital consumers are not exempt. With widespread adoption of Microsoft 365, Google Workspace, and popular platforms like Spotify and WhatsApp, phishing campaigns targeting these brands present a clear and present danger to corporate data security and individual financial safety.
- Organizations are advised to invest in email security, employee training, and multi-factor authentication, while individuals should be cautious when clicking on links or entering credentials—especially when prompted by urgent or unfamiliar messages.
- Phishing remains one of the most effective and scalable tools for cybercriminals. As attackers become more strategic, leveraging brand familiarity and seasonal behaviors, vigilance and cybersecurity awareness have never been more important.