Nearly nine out of 10 phishing attacks are designed to steal digital account credentials, highlighting the growing scale and sophistication of cybercrime, according to a new analysis by cybersecurity firm Kaspersky.
The report, which examined phishing and scam campaigns detected between January and September 2025, found that 88.5% of attacks targeted login details for online accounts. A further 9.5% sought personal data such as names, home addresses and dates of birth, while just 2% focused specifically on bank card information.
Kaspersky said millions of phishing links were clicked globally during the period under review, all of which were detected and blocked by its security solutions. However, the company warned that many users remain unprotected, allowing phishing to persist as one of the most widespread and damaging cyber threats.
Phishing attacks typically lure victims to fake websites that closely resemble legitimate platforms, tricking them into handing over usernames, passwords, personal details or payment information. Once stolen, this data is rarely used only once.
Kaspersky’s research shows that most phishing pages transmit stolen information through email, Telegram bots or attacker-controlled dashboards before it is funnelled into underground resale markets. Credentials gathered from multiple campaigns are often consolidated into large data dumps and sold on dark web forums, sometimes for as little as $50.
According to Kaspersky Digital Footprint Intelligence, the average price of stolen data in 2025 varied widely depending on the type and quality of access. Credentials for global internet portals sold for as little as $0.90, while access to crypto platforms averaged $105. Online banking credentials were among the most valuable, fetching around $350. Personal documents such as passports or national ID cards were sold for about $15 on average.
As datasets are enriched and cross-referenced, attackers are able to build detailed digital profiles of individuals. These profiles can later be used for targeted attacks against executives, finance teams, IT administrators or individuals with valuable financial assets and sensitive documents.
“Our analysis shows that credentials account for nearly 90% of phishing attempts,” said Olga Altukhova, senior web content analyst at Kaspersky. “Once collected, logins, passwords, phone numbers and personal details are aggregated, verified and resold — sometimes years after the initial theft. Even old credentials, when combined with new data, can enable account takeovers and highly targeted attacks.”
She added that attackers increasingly rely on open-source intelligence and historical breach data to create personalised scams, turning one-time victims into long-term targets for identity theft, blackmail and financial fraud.
To reduce the risk of phishing, Kaspersky advised users to be cautious with links and attachments received via email or messaging apps, to carefully verify senders, and to double-check website addresses before entering sensitive information.
The company also recommended installing comprehensive cybersecurity software, enabling multi-factor authentication on all supported accounts, and regularly reviewing account login history to identify suspicious activity.
