Cyber threat remains a big problem in the Netherlands. New figures from Check Point Software show that Dutch organizations were targeted by cyber attacks an average of 1,117 times per week in the second quarter of 2025. The healthcare sector was hit hardest, with an average of 3,138 attacks per week.
At the same time, there has been a clear increase in phishing campaigns in which cybercriminals impersonate well-known brands. Booking.com and Spotify have been notably abused in fake websites and phishing emails, according to an update of Check Point’s Brand Phishing report.
Researchers have observed a sharp rise in phishing attacks using brand impersonation. Cybercriminals are increasingly tailoring their methods to the digital behavior of users. Well-known names such as Microsoft, Google, and Apple remain the most frequently abused in phishing emails. Also notable is the return of Spotify to the phishing top 10 and a significant increase in fake websites imitating Booking.com.
In Q2 2025, more than 700 domain names were registered that imitate official Booking.com pages, often in the form of fake reservation or confirmation pages. Many of these sites contain personal information to mislead users and persuade them to interact.
Spotify was also used again in phishing campaigns. Attackers used fake login pages to try to gain access to usernames, passwords, and in some cases payment details.
Attackers use AI
According to Check Point, phishing campaigns are becoming increasingly convincing. Attackers use AI and abuse trusted brand names such as Booking.com and Spotify to mislead users. They do not limit themselves to well-known consumer brands: communications that appear to come from cloud providers or companies with which users regularly have contact are also forged. Examples include emails about verifying an email address or notifications that a mailbox is full.
To protect themselves, Check Point advises users to always check the web address and sender carefully before clicking on anything. It is important not to enter personal or payment details on suspicious pages, to activate multi-factor authentication, and to actively report suspicious websites.
In addition to phishing via brand imitation, the broader cyber threat continues to grow. The sectors most affected in the Netherlands are healthcare, utilities, and manufacturing.
According to the researchers, the large number of attacks on the healthcare sector indicates ongoing pressure. Cybercriminals often target institutions with limited security budgets and an abundance of sensitive patient and employee data.