A new report by Check Point Research shows that Microsoft, Google, and Spotify were the most impersonated brands in phishing attacks during Q2 2025. Microsoft led the list, appearing in 25% of phishing attempts worldwide.
Google followed with 11%, and Apple came third at 9%. Spotify made a surprise return, ranking fourth with 6%. This is its first top-ten appearance since 2019.
Other brands frequently impersonated include Adobe, LinkedIn, Amazon, Booking.com, WhatsApp, and Facebook.
Phishing attacks trick people into giving up personal information—like passwords or credit card details—by pretending to be trusted brands. And attackers are getting smarter.
Technology brands remain the biggest targets. Cybercriminals use fake cloud, software, and login platforms to steal credentials and financial data.
“Cybercriminals continue to exploit the trust users place in well-known brands,” said Omer Dembinsky, Data Research Manager at Check Point. “The resurgence of Spotify and the surge in travel-related scams… show how phishing attacks are adapting to user behavior and seasonal trends.”
One major attack used a fake Spotify login page to steal user credentials and credit card data. This reflects a growing focus on entertainment and subscription services.
The travel sector was hit too. Booking.com saw a 1000% spike in phishing activity, with over 700 fake domains created in Q2. Many looked legitimate, using real user data and urgent-sounding domain names like “confirmation-id**.com.”
These scams are growing more personal and convincing.
Though global, the threat is very real for Nigerian businesses and users. Popular platforms like Microsoft 365, Google Workspace, Spotify, and WhatsApp are frequent targets.
To stay safe, companies should invest in email protection, employee training, and multi-factor authentication. Individuals should think twice before clicking unfamiliar links or entering credentials on suspicious sites.
