Phishing remains the blunt instrument of choice for cybercriminals. And in Q2 2025, they wielded it with more precision (and more imagination) than ever. Microsoft is still the most mimicked brand online. But the bigger story may be who joined it.
Check Point Research’s Phishing Trends Q2 2025 report revealed a striking shift in attackers’ priorities: streaming services, travel platforms, and social networks are no longer second-tier targets. They’re front and centre.
Spotify, for instance, has re-entered the phishing charts after a six-year absence. Booking.com scams are proliferating. And trusted tech names like Google, Apple, and Adobe are still being bent into tools of deception.
Microsoft: Still the #1 Bait
Microsoft featured in a quarter of all phishing attempts last quarter. That is no surprise, perhaps, given the ubiquity of its cloud platforms in business and government.
Attackers often mimic Outlook and Microsoft 365 login pages, aiming to steal credentials that can unlock entire company networks. These campaigns are slick, convincing, and frequent.
Behind Microsoft, Google (11%) and Apple (9%) made up the rest of the top three. But further down the list, the rankings got interesting.
Spotify’s Comeback (Not in a Good Way)
In fourth place was Spotify, with 6% of phishing incidents. It hadn’t cracked the top 10 since Q4 2019. That changed in a big way this quarter.
A widespread campaign used a spoofed login page to harvest account credentials. After entering their usernames and passwords, victims were pushed to a counterfeit payment page that asked for credit card details.
The site was polished. The design matched Spotify’s branding down to the pixel. It was a long con in a short space that worked.
The return of Spotify to the phishing spotlight marks a turning point. Attackers are now treating consumer entertainment brands with the same seriousness they once reserved for cloud platforms and banks.
Booking.com: Scams With a Personal Touch
Another worrying trend: the rise in fake Booking.com confirmations. In Q2 alone, researchers spotted more than 700 domains mimicking the travel giant, many using formats like confirmation-id1234.com.
That’s a 100-fold increase compared to previous quarters.
What made these scams more dangerous than most was their use of personal information. Names, emails, even phone numbers were embedded into fraudulent confirmation pages to boost believability and create a sense of urgency.
Victims were tricked into clicking links, entering payment information, or contacting fake customer service agents. Most of the spoofed domains were short-lived, but not before doing damage.
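An added example, not from the article or from Check Point: a defender-side hunt through DNS query logs for lookups that match the domain format quoted above. The regex generalises the single quoted example (confirmation-id1234.com), and the log layout, client addresses and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: generalises the one format quoted in the article
# ("confirmation-id1234.com") to "confirmation-id" + digits + ".com".
LURE = re.compile(r"confirmation-id\d+\.com")

# Constructed sample DNS query log: "<timestamp> <client> <qname>"
SAMPLE_LOG = """\
2025-06-03T09:14:02Z 10.0.4.17 www.booking.com.
2025-06-03T09:14:40Z 10.0.4.17 confirmation-id1234.com.
2025-06-03T09:15:11Z 10.0.7.52 WWW.Confirmation-ID88231.com
2025-06-03T09:16:45Z 10.0.7.52 confirmation-id.example.org
2025-06-03T09:17:03Z 10.0.9.8 myconfirmation-id555.com
malformed line
"""

def registered_name(qname):
    """Lowercase, drop the trailing dot, keep the last two labels.
    Adequate for .com; multi-label suffixes need a public-suffix list."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def find_lure_lookups(log_text):
    """Return {client: sorted matching domains} so responders can triage
    which hosts looked up a domain in the lure format."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that are not "<ts> <client> <qname>"
        _, client, qname = parts
        domain = registered_name(qname)
        # fullmatch: the whole registered name must fit the format, so
        # "myconfirmation-id555.com" and subdomain tricks do not match.
        if LURE.fullmatch(domain):
            hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in find_lure_lookups(SAMPLE_LOG).items():
        print(client, domains)
```

Because the article notes that most of these domains were short-lived, a match is best treated as a lead for reviewing what the client did next rather than as a blocklist entry.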
Full List: Top 10 Most Impersonated Brands in Q2 2025
- Microsoft – 25%
- Google – 11%
- Apple – 9%
- Spotify – 6%
- Adobe – 4%
- LinkedIn – 3%
- Amazon – 2%
- Booking – 2%
- WhatsApp – 2%
- Facebook – 2%
Tech, Social, Retail: No Sector Is Safe
The technology sector continues to be the top phishing target. But increasingly, it’s about more than just access to corporate networks.
Social platforms like LinkedIn, WhatsApp, and Facebook remain heavily spoofed. They’re rich sources of personal data and often serve as launchpads for further attacks.
Retailers and travel sites (Amazon, Booking.com, even airline portals) are also high on the list, especially around holidays or major sales events.
If a brand is embedded in daily digital life, it’s clearly fair game.
Exploiting Trust in Well-Known Brands
Omer Dembinsky, Data Research Manager at Check Point Software, says: “Cybercriminals continue to exploit the trust users place in well-known brands.”
He adds that the resurgence of Spotify and the surge in travel-related scams, particularly in light of the upcoming summer and school holiday travel, show how phishing attacks are adapting to user behaviour and seasonal trends. “Awareness, education, and security controls remain critical to reducing the risk of compromise.”
Staying One Step Ahead
Phishing isn’t going away. If anything, it’s becoming more targeted, more convincing, and more embedded in how we interact with the internet.
Check Point recommends a mix of common sense and technology:
- Turn on Multi-Factor Authentication (MFA): It won’t stop phishing, but it adds a crucial second layer.
- Think before you click: Especially on mobile. URLs and sender addresses can hide in plain sight.
- Educate your team: Phishing awareness training is still one of the cheapest, highest-return security investments.
- Deploy preventative tools: Solutions like Check Point Harmony Email use AI to stop phishing emails before they ever reach a user’s inbox.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


