Islamabad:
Russian cybersecurity firm Kaspersky has warned that phishing and scam campaigns remained the dominant cyber threat in 2025, with nearly 89 percent of attacks aimed at stealing login credentials for online accounts.
In a report released on Wednesday, Kaspersky said its analysis of global phishing and scam campaigns showed that 88.5 percent of cyberattacks were designed to capture usernames and passwords linked to email, social media and other digital services. Another 9.5 percent targeted personal data such as names, home addresses and dates of birth, while 2 percent focused on stealing bank card details.
The company said millions of phishing links were clicked worldwide during the year, all of which were detected and blocked by Kaspersky’s security solutions. However, it warned that phishing remains one of the most widespread cyber risks, particularly for users without adequate digital protection.
“Attackers continue to lure victims to fake websites where they unknowingly hand over credentials, personal information or financial details,” the report said.
Kaspersky researchers noted that stolen data is commonly transmitted through email, Telegram bots or attacker-controlled dashboards before being funnelled into underground resale markets. Such information is often reused, with credentials from multiple campaigns bundled into data dumps and sold on dark web platforms for as little as $50.
According to Kaspersky Digital Footprint Intelligence, prices in 2025 ranged from $0.90 for access to global internet portals to $105 for crypto platforms, while online banking access fetched up to $350. Personal identification documents, including passports and ID cards, were sold for an average of $15, depending on factors such as account age, balance and security settings.
As stolen datasets are merged and enriched, cybercriminals are able to create detailed digital profiles that can later be used for targeted attacks on executives, finance professionals, IT administrators and individuals holding valuable assets, the report added.
To reduce phishing risks, Kaspersky advised users to avoid clicking on suspicious links or downloading attachments received through emails and messaging platforms, urging greater vigilance as cyber scams continue to evolve.
