• 8.5% of attacks sought credentials for various online accounts
• 9.5% phishing attacks targeted personal data such as names, addresses, and dates of birth
• 2% cyber scam campaigns focused on bank card details
• Average 2025 prices of stolen data ranged from $0.90 for global internet portals to $105 for crypto platforms and $350 for online banking access
• Personal documents such as passports or ID cards sold for about $15 on average
Kaspersky analyzed phishing and scam campaigns observed from January through September 2025 and found that 88.5% of attacks sought credentials for various online accounts. Another 9.5% targeted personal data such as names, addresses, and dates of birth, while 2% focused on bank card details.
According to data from Kaspersky, millions of phishing links were clicked in the previous year– all of which were detected and blocked by Kaspersky solutions. Not everyone uses protective solutions on their devices however, and phishing remains one of the most prevalent cyber threats, with attackers luring users to fake websites where they unwittingly surrender their login credentials, personal information, or bank card details.
Kaspersky research shows that most phishing pages transmit stolen information via email, Telegram bots, or attacker-controlled panels, before it enters underground resale channels.
Data stolen through phishing is rarely used only once: credentials from multiple campaigns are consolidated into data dumps and sold on dark web markets, in some cases for as little as $50. Buyers sort and verify the data to check whether accounts remain active and reusable across different services. According to Kaspersky Digital Footprint Intelligence, average 2025 prices ranged from $0.90 for global internet portals to $105 for crypto platforms and $350 for online banking access. Personal documents such as passports or ID cards sold for about $15 on average, with pricing influenced by account age, balance, linked payment methods, and security settings.
As datasets are enriched and combined, attackers can build detailed digital profiles that may later support targeted attacks on executives, finance staff, IT-administrators or individuals with valuable assets or personal documents.
“Our analysis shows that credentials account for nearly 90% of phishing attempts. Once collected, logins, passwords, phone numbers, and personal details are aggregated, checked, and resold, sometimes years after the initial theft. Combined with new information, even old credentials can enable account takeovers and targeted attacks against both individuals and organizations. By leveraging open-source intelligence and old breach data, attackers can craft highly personalized scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud,” said Olga Altukhova, senior web content analyst at Kaspersky.
To reduce the risks associated with phishing, Kaspersky recommends that users should not trust links or attachments received by email or messages. Always check the sender carefully before opening anything and double-check websites before entering any personal or financial information.
To stay protected, install a comprehensive cybersecurity solution. Kaspersky Premium protects users from fraudulent activities through advanced detection technology that analyzes website characteristics and URLs to identify suspicious patterns. Enable multi-factor authentication for all accounts that support it. Check account login history and active sessions regularly and terminate any suspicious activity.
