A new report by Check Point Research has raised the alarm on a growing wave of phishing scams globally, revealing that Microsoft, Google, and Spotify were the most impersonated brands between April and June 2025.
Findings of the report, revealed that Microsoft was the most impersonated brand, accounting for 25 percent of all phishing attempts globally during the second quarter of the year. Google followed at 11 percent while Apple took third place with nine percent.
Spotify, an entertainment and subscription platform, made a surprising return to the top ranks, highlighting a shift in attacker strategy toward streaming and digital content services.
Check Point noted that technology remains the most targeted sector, as cybercriminals exploit user trust in cloud-based tools, authentication platforms, and productivity software to steal sensitive data, particularly login credentials and financial information.
In Nigeria, where Microsoft 365 and Google Workspace are widely used by corporate teams, schools, and startups, the implications are especially dire.
Reacting to the findings of the report, the data research manager at Check Point Software, Omer Dembinsky, stated that cybercriminals continue to exploit the trust users place in well-known brands.
“The resurgence of Spotify and the surge in travel-related scams, especially during the Northern Hemisphere’s holiday season, show how phishing attacks are adapting to user behavior and seasonal trends,” Dembinsky stated.
One notable phishing campaign mimicked Spotify’s login and payment pages. Unsuspecting users were tricked into entering their login details and redirected to fake payment portals that harvested credit card information. This tactic reflects a broader trend of phishing campaigns targeting entertainment platforms as more users turn to them for content consumption.
The travel sector also witnessed a dramatic increase in phishing activity. Over 700 Booking.com-themed phishing domains were detected in Q2 alone, many using realistic formats such as “confirmation-id**.com” and embedding real names or contact information to boost credibility. This personalized approach makes it harder for users to detect fraud and marks a new level of sophistication in phishing techniques.
While these scams are global, Nigerian digital users are not exempt. With growing digital adoption and a rising number of online transactions, phishing attacks targeting Nigerian businesses and individuals are becoming more frequent and effective.
The report urged Nigerian organizations to invest in robust cybersecurity measures, including email filtering, employee training, and multi-factor authentication.
For individuals, the report recommends extreme caution when clicking on links or entering login credentials, especially when prompted by unsolicited emails, urgent messages, or unfamiliar websites. Vigilance is crucial, as phishing remains one of the most scalable and damaging cyberattack methods in today’s digital landscape.
