According to the report, Microsoft remained the most impersonated brand globally, appearing in 25% of phishing attempts. Google followed at 11%, with Apple at 9%. In a notable shift, Spotify reentered the top 10 for the first time since Q4 2019, ranking fourth at 6%.

The Technology sector remained the most targeted industry, followed by Social Networks and Retail platforms.

“Cybercriminals continue to exploit the trust users place in well-known brands. The resurgence of Spotify and the surge in travel-related scams, especially in light of summer and school holiday travel in the Northern Hemisphere, show how phishing attacks are adapting to user behavior and seasonal trends. Awareness, education, and security controls remain critical to reducing the risk of compromise,” said Omer Dembinsky, data research manager at Check Point Software.

Top 10 Targeted Brands in Q2 2025

Below are the brands most frequently targeted by phishing attacks during Q2 2025:

1. Microsoft – 25%
2. Google – 11%
3. Apple – 9%
4. Spotify – 6%
5. Adobe – 4%
6. LinkedIn – 3%
7. Amazon – 2%
8. Booking – 2%
9. WhatsApp – 2%
10. Facebook – 2%

Top 10 Personalities Driving Cybersecurity Revolution in 2025

Phishing Campaign Impersonating Spotify

One of the most prominent phishing attacks this quarter targeted Spotify users. Cybercriminals created a malicious login page, which replicated the official Spotify login experience, complete with authentic branding and design. Victims were asked to enter their usernames and passwords, which were then funneled to a fake payment page that attempted to steal credit card details as well.

This campaign marks Spotify’s first reappearance in phishing top charts since Q4 2019—and underscores how entertainment services are now being exploited just as aggressively as tech platforms.

Booking.com Confirmation Scam Surge

Another major trend in Q2 was the sharp increase in Booking.com-themed phishing domains, with over 700 new domains registered using the confirmation-id****.com format. This represents a 1000% increase compared to earlier in the year.

Sample phishing domain:

Many of these domains embedded real user data, such as names and contact details, to enhance credibility and urgency. Although these sites were short-lived, they illustrate the increasing personalisation and targeting capabilities of phishing campaigns.

Industry Trends: Technology and Digital Platforms Under Siege

The Technology sector continued to dominate as the most impersonated industry in phishing attacks during Q2 2025. Tech giants like Microsoft, Google, and Apple remain prime targets due to their widespread use in authentication and productivity workflows.

Social media platforms like LinkedIn, WhatsApp, and Facebook also remained high-risk targets. The Retail and Travel sectors—including Amazon and Booking.com—were exploited by attackers seeking to capitalise on seasonal shopping and travel activity.

The Check Point Brand Phishing Ranking is published quarterly and is based on data drawn from Check Point’s ThreatCloud AI platform—the world’s largest collaborative cyber threat intelligence network. The report analyses phishing emails, fake websites, and impersonation attempts across multiple vectors.

The collaboration aims to empower young women in Africa by equipping them with essential cybersecurity skills and knowledge through the innovative CyberGirls program.

At the heart of this partnership lies Check Point’s SecureAcademy program, which offers cutting-edge cyber educational content. This collaboration will integrate SecureAcademy’s courses into Cybersafe Foundation’s CyberGirls initiative, a one-year free program meticulously designed to provide technical skills to women aged 18 to 28. 

Cybersafe Foundation, dedicated to promoting cybersecurity awareness and ensuring digital safety, has tailored the CyberGirls program to bridge the gender gap in the industry. The initiative not only imparts hands-on training but also offers mentorship, certification preparation, and opportunities for internships and shadowing placements. 

Through this program, Cybersafe Foundation aims to uplift women in underserved African communities, improving their socio-economic status while addressing the escalating threat of cybercrime.

Confidence Staveley, the Founder and Executive Director of Cybersafe Foundation, expressed her enthusiasm about the partnership, stating, “We are extremely proud of the impact our programs have had on the lives of many of our fellows, helping young women gain access to life-changing opportunities. Our partnership with Check Point will contribute immensely to our disruptive educational model by providing free quality cybersecurity training to the CyberGirls community.”

Pankaj Bhula, Regional Director, Africa at Check Point, reiterated the role of education in combating cybercrime. He stated, “Education is fundamental to combating the increasing volume of cybercrime both at home and abroad. Partnerships such as this one are key in closing the skills gap and helping to create a future employee pipeline in the cybersecurity sector. We are thrilled to be partnering with an organization that has had so much success in not only this aspect but also one which has made a real impact on the lives of their fellows through upskilling and education.”

Through SecureAcademy, Check Point is already collaborating with more than 160 academic partners, benefiting over 45,000 students in over 60 countries. This initiative addresses the staggering 3.5 million cybersecurity job vacancies existing globally. Check Point’s partnership with Cybersafe Foundation marks a significant step towards a more secure digital future, ensuring that the next generation of cybersecurity professionals is well-equipped to face the challenges of our ever-evolving digital landscape.