Which brands are particularly frequently misused for phishing

Check Point Research (CPR) has published the Brand Phishing Ranking for the second quarter of 2025. The report describes the brands that are most frequently misused by cyber criminals to steal sensitive personal and financial data and highlights the constant evolution of phishing tactics. The Check Point Brand Phishing Ranking is published quarterly and is based on data from Check Point's ThreatCloud AI platform, the world's largest collaborative cyber threat intelligence network. The report analyzes phishing emails, fake websites and impersonation attempts across various vectors.

Microsoft remains the front runner

According to the report, Microsoft was again the most frequently attacked brand in Q2 2025, accounting for 25% of all phishing attempts. Google followed in second place with 11 percent and Apple was in third place with 9 percent. Remarkably, Spotify returned to the top 10 list for the first time since Q4 2019, taking fourth place with 6 percent of phishing activity. The technology sector thus remained the most imitated industry, followed by social networks and retail.

Omer Dembinsky, Data Research Manager at Check Point Software Technologies, comments: "Cyber criminals continue to exploit the trust that users place in well-known brands. The re-emergence of Spotify and the increase in travel-related scams, particularly around the summer and school vacations, show how phishing attacks adapt to user behavior and seasonal trends. Awareness, education and security controls remain crucial to reduce the risk of compromise."

Below you will find the brands that were most frequently targeted by phishing attacks in Q2 2025:

1. Microsoft - 25%
2. Google - 11%
3. Apple - 9%
4. Spotify - 6%
5. Adobe - 4%
6. LinkedIn - 3%
7. Amazon - 2%
8. Booking - 2%
9. WhatsApp - 2%
10. Facebook - 2%

Phishing attack pretends to be Spotify

One of the most high-profile phishing attacks this quarter targeted Spotify users. Hackers created a malicious login page that could be accessed at premiumspotify[.]abdullatifmoustafa0[.]workers.dev was set up and the users to activegate[.]online/id1357/DUVzTTavlOw/CgJiMcgc0fMOJY29SAg5JRoH? redirected. The malicious page mimicked the official Spotify login page, including authentic branding and design. Victims were asked to enter their usernames and passwords. They were then redirected to a fake payment page where an attempt was made to steal their credit card details. This campaign marks Spotify's first appearance in the phishing top charts since the fourth quarter of 2019, highlighting that entertainment services are now being exploited just as aggressively as technology platforms.

Another important trend in the second quarter was the sharp increase in phishing domains for Booking.com. Over 700 new domains with the format confirmation-id****.com registered. This represents an increase of 1000 percent compared to the beginning of the year. To add credibility and urgency, many of these domains contained real user data such as names and contact details. Although these websites were short-lived, they illustrate the increasing personalization and targeting capabilities of phishing campaigns.

Trend: Technology and digital platforms under attack

In the second quarter of 2025, the technology sector was still the industry most frequently targeted by phishing attacks. Tech giants, such as Microsoft, Google and Apple, continue to be prime targets due to their widespread use in authentication and productivity workflows.

Social media platforms, such as LinkedIn, WhatsApp and Facebook, also continue to be high-risk targets. The retail and travel sectors - including Amazon and Booking.com - have been exploited by attackers to capitalize on the seasonal shopping and travel business.

Source: www.checkpoint.com/