Microsoft, Google, and Apple remain top impersonated brands as cybercriminals exploit seasonal trends and digital trust across industries
Check Point Research (CPR), the intelligence division of Check Point® Software Technologies, has released its Q2 2025 Brand Phishing Ranking, revealing the most commonly impersonated brands by cybercriminals. Microsoft held the top spot again, featuring in 25% of all phishing attempts. Notably, Spotify reentered the top 10 for the first time since 2019, ranking fourth with 6% of phishing activity—reflecting how attackers are increasingly targeting entertainment platforms alongside tech giants.
Google and Apple followed Microsoft in second and third place, with 11% and 9% respectively. Other frequently spoofed brands included Adobe, LinkedIn, Amazon, and Booking.com—spanning industries from tech and social media to retail and travel.
“Cybercriminals continue to exploit the trust users place in well-known brands. The resurgence of Spotify and surge in travel-related scams show how phishing attacks are adapting to user behavior and seasonal trends.”
— Omer Dembinsky, Check Point Research
One of the standout phishing campaigns this quarter mimicked Spotify’s login and payment experience through a malicious domain (premiumspotify[.]abdullatifmoustafa0[.]workers.dev). Victims were tricked into providing credentials and payment information via a fake interface that closely resembled Spotify’s official platform.
In parallel, Booking.com-themed phishing scams spiked dramatically. Over 700 fake domains using formats like confirmation-id***.com* were detected—a staggering 1000% increase since earlier this year. Many of these domains embedded real user data, enhancing their credibility and urgency.
“Tech platforms remain the most targeted, but we’re also seeing a sharp rise in phishing related to travel and entertainment—especially as summer vacations and school breaks boost digital activity,” said Omer Dembinsky, Data Research Manager at Check Point Software. “Brands with high user engagement are prime targets, and phishing techniques are becoming more personalized and sophisticated.”
Check Point’s quarterly Brand Phishing Ranking is based on data from its ThreatCloud AI platform, the world’s largest collaborative cyber threat intelligence network. It analyses email phishing, fake websites, and impersonation attempts across industries.
With phishing attacks continuing to evolve, Check Point emphasizes the need for multi-layered protection, user awareness, and adaptive cybersecurity strategies—especially as AI-powered threats grow more deceptive and scalable.
