Phishing remains one of the most widespread cyber threats worldwide, with nearly 90 percent of attacks focused on stealing digital account credentials, according to new research by Kaspersky. The company analyzed phishing and scam campaigns between January and September 2025, highlighting how login details, personal data, and financial information are being harvested and resold across underground markets.
Kaspersky reported that 88.5 percent of phishing attempts sought credentials for online accounts, while 9.5 percent targeted personal information such as names, addresses, and dates of birth. Another 2 percent focused on bank card details. The findings underscore the scale of credential theft and its role in fueling identity fraud, financial scams, and targeted cyberattacks.
How stolen data is used and sold
The report noted that millions of phishing links were clicked last year, though Kaspersky solutions blocked them. Not all users have protective software, leaving many vulnerable to fake websites designed to capture sensitive information. Stolen data is typically transmitted via email, Telegram bots, or attacker-controlled panels before entering resale channels.
Credentials are rarely used only once. Instead, they are consolidated into data dumps and sold on dark web markets, sometimes for as little as $50. Buyers verify whether accounts remain active and reusable across different services. Prices in 2025 ranged from $0.90 for global internet portals to $105 for cryptocurrency platforms and $350 for online banking access. Personal documents such as passports or ID cards averaged $15.
Risks of long-term exploitation
Kaspersky warned that attackers often enrich datasets with additional information, building detailed digital profiles that can support targeted attacks against executives, finance staff, IT administrators, or individuals with valuable assets. Even old credentials can be reused in account takeovers when combined with new breach data.
“Our analysis shows that credentials account for nearly 90% of phishing attempts,” said Olga Altukhova, senior web content analyst at Kaspersky. “Once collected, logins, passwords, phone numbers, and personal details are aggregated, checked, and resold, sometimes years after the initial theft.”
Recommendations for protection
To reduce risks, Kaspersky advises users not to trust links or attachments received by email or messaging apps, and to verify websites before entering personal or financial information. The company recommends installing comprehensive cybersecurity solutions, enabling multi-factor authentication, and regularly checking account login history to detect suspicious activity.





