Phishing continues to be a powerful tool in the cyber criminal arsenal. In the second quarter of 2025, attackers doubled down on impersonating the world’s most trusted brands—those that millions of people rely on every day. From tech giants to streaming services and travel platforms, no digital brand is immune to being spoofed.
Below, we explore the latest data from Check Point Research’s Q2 2025 Brand Phishing report, uncovering key trends, industry targets, and the most alarming campaigns of the quarter.
Key Highlights from Q2 2025
- Microsoft remained the most impersonated brand, involved in 25% of phishing attacks.
- Google came in second with 11%, and Apple followed closely at 9%.
- Spotify made a surprising return to the top 10 for the first time since Q4 2019, claiming fourth place (6%).
- The technology sector continues to be the most targeted, followed by social networks and retail.
Top 10 Targeted Brands in Q2 2025
The following brands were the most frequently impersonated in phishing attempts throughout the second quarter of 2025:
- Microsoft – 25%
- Google – 11%
- Apple – 9%
- Spotify – 6%
- Adobe – 4%
- LinkedIn – 3%
- Amazon – 2%
- Booking – 2%
- WhatsApp – 2%
- Facebook – 2%
Spotify Phishing Scam: A Return After Six Years
In one of the quarter’s most notable campaigns, cyber criminals impersonated Spotify to lure users into a credential-harvesting trap. The phishing site was hosted at premiumspotify[.]abdullatifmoustafa0[.]workers.dev, which redirects users to activegate[.]online/id1357/DUVzTTavlOw/CgJiMcgc0fMOJY29SAg5JRoH?.
The malicious page replicated the official Spotify login experience, complete with authentic branding and design. Victims were asked to enter their usernames and passwords and were then funneled to a fake payment page that attempted to steal credit card details as well.
This campaign marks Spotify’s first reappearance in phishing top charts since Q4 2019—and underscores how entertainment services are now being exploited just as aggressively as tech platforms.
Booking.com Scam: A Surge in Fake Confirmations
Another trend that stood out in Q2 was the sophisticated impersonation of Booking.com.
Check Point researchers detected over 700 newly registered domains using the format confirmation-id****.com — a number 100 times higher than in previous quarters.
These domains hosted subpages such as:
What made these scams particularly dangerous was the inclusion of personalized details (name, email, phone number) to make the booking confirmation pages appear authentic and urgent. All sites were short-lived and have since been taken down.
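The two hostname patterns described above (a brand name used as a label on a host the brand does not own, and the confirmation-id****.com format) can be checked mechanically in proxy or DNS logs. The following is an added example, not code from Check Point's report; the brand-to-domain map, the regex for the masked suffix, and the constructed sample hosts are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative brand -> official domain map, not taken from the report.
OFFICIAL = {
    "spotify": ("spotify.com",),
    "booking": ("booking.com",),
    "microsoft": ("microsoft.com", "live.com", "office.com"),
}
# Assumption: the report masks the suffix as "****"; any letters/digits are accepted.
CONFIRMATION_RE = re.compile(r"^confirmation-id[a-z0-9]+\.com$")


def refang(indicator):
    """Undo common defanging ([.] and hxxp) so the value can be parsed."""
    out = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.I)


def hostname(indicator):
    """Return the lower-cased host of a URL or bare host, defanged or not."""
    value = refang(indicator)
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat the value as a netloc
    return (urlsplit(value).hostname or "").lower().rstrip(".")


def findings(indicator):
    """List the reasons a host looks like one of the two patterns, if any."""
    host = hostname(indicator)
    reasons = []
    for brand, domains in OFFICIAL.items():
        owned = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not owned:
            reasons.append(f"brand '{brand}' outside {'/'.join(domains)}")
    if CONFIRMATION_RE.match(host):
        reasons.append("confirmation-id*.com pattern")
    return reasons


if __name__ == "__main__":
    samples = [
        "premiumspotify[.]abdullatifmoustafa0[.]workers.dev",  # from the report
        "activegate[.]online/id1357/DUVzTTavlOw/CgJiMcgc0fMOJY29SAg5JRoH?",  # from the report
        "https://open.spotify.com/",              # constructed: legitimate host
        "hxxps://confirmation-id0000[.]com/",     # constructed placeholder
    ]
    for s in samples:
        print(hostname(s), findings(s) or "no match")
```

The redirect target activegate[.]online produces no match because it carries no brand string, so hostname heuristics like this catch the landing host and need redirect-chain or page-content inspection to cover the second hop.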
Technology Sector Continues to Be the Prime Target
The technology sector remains the top target for phishing campaigns. With platforms like Microsoft 365, Gmail, and iCloud central to users’ digital lives, attackers see these brands as gateways to everything from business credentials to personal data.
Social networks (LinkedIn, WhatsApp, Facebook) and retail/travel platforms (Amazon, Booking.com) are also regularly spoofed, especially when attackers aim to exploit users’ trust in day-to-day services.
How to Stay Protected from Phishing in 2025
With phishing tactics becoming more targeted and deceptive, it’s essential to stay ahead of attackers. Here’s how users and organizations can reduce their risk:
- Enable Multi-Factor Authentication (MFA) on all accounts.
- Inspect URLs and email senders carefully before clicking or submitting information.
- Educate employees with phishing awareness training.
- Deploy advanced protection like Check Point Harmony Email, which uses AI to stop phishing emails before they reach the inbox.