Why Microsoft, Google, and Apple Were Top Phishing Targets in Q2 2025

If you received an email recently asking you to log into your Microsoft or Google account and it felt just a little bit off, you’re not alone. In the second quarter of 2025, cybercriminals focused heavily on impersonating some of the world’s biggest tech brands to trick people into giving up their login details and personal information.

A new report by Check Point Research reveals that Microsoft, Google, and Apple were the most targeted companies in global phishing attacks between April and June this year.

According to the report, Microsoft was the number one target, appearing in a massive 25% of all phishing attempts. Google followed with 11%, while Apple came in third with 9%. 

The reason? People trust these brands. And cybercriminals know that if they pretend to be one of them, there’s a good chance someone will click without thinking twice.

But it wasn’t just the tech giants that were hit. Spotify made a surprising comeback into the top 10 most impersonated brands, its first appearance since 2019, landing in fourth place with 6% of phishing activity. 

Attackers created fake login and payment pages that looked almost identical to the real Spotify site, stealing both passwords and credit card information from unsuspecting users.

Other major brands targeted included Adobe, LinkedIn, Amazon, Booking.com, WhatsApp, and Facebook. From fake invoices to bogus login requests, attackers are getting more creative and more convincing.

The most interesting part of this trend is that it follows human behavior. As people turned to music and streaming platforms like Spotify, or booked vacations using services like Booking.com, scammers followed the same pattern. 

In fact, Booking.com saw a 1000% spike in phishing domains, many of which used real customer names and confirmation-style web addresses to make the scams seem authentic.

So, why are tech companies still the biggest targets? It’s simple, users rely on them every day. From cloud storage to email and team collaboration tools, platforms like Microsoft 365 and Google Workspace hold the keys to both personal and business data. Hackers take advantage of this trust, building realistic-looking emails and login pages to trick users into handing over credentials.

For Nigerian users, the warning is just as serious. As more local businesses and individuals adopt these global platforms, they become just as vulnerable to these phishing campaigns. 

A fake Microsoft email here or a bogus Spotify login there can easily lead to stolen passwords, hijacked accounts, or worse, financial loss and data breaches.

To stay safe, both companies and individuals should take phishing threats seriously. That means enabling two-factor authentication, double-checking email addresses before clicking links, and investing in proper cybersecurity tools.

For businesses, regular training for staff can also help spot red flags before it’s too late.

Phishing isn’t going away anytime soon. As long as people trust these big brands, scammers will keep using them as bait.