Kaspersky: 88.5% of phishing attacks focus on stealing account credentials

Kaspersky analyzed phishing and scam campaigns observed from January through September 2025 and found that 88.5% of attacks sought credentials for various online accounts. Another 9.5% targeted personal data such as names, addresses, and dates of birth, while 2% focused on bank card details. 

According to data from Kaspersky, over 47 million phishing links were clicked in the Middle East region in the previous year (from November 2024 to October 2025) – all of which were detected and blocked by Kaspersky solutions. Not everyone uses protective solutions on their devices however, and phishing remains one of the most prevalent cyber threats, with attackers luring users to fake websites where they unwittingly surrender their login credentials, personal information, or bank card details. 

Distribution of attacks by type of data being targeted

Kaspersky research shows that most phishing pages transmit stolen information via email, Telegram bots, or attacker-controlled panels, before it enters underground resale channels. 

Data stolen through phishing is rarely used only once: credentials from multiple campaigns are consolidated into data dumps and sold on dark web markets, in some cases for as little as $50. Buyers sort and verify the data to check whether accounts remain active and reusable across different services. According to Kaspersky Digital Footprint Intelligence, average 2025 prices ranged from $0.90 for global internet portals to $105 for crypto platforms and $350 for online banking access. Personal documents such as passports or ID cards sold for about $15 on average, with pricing influenced by account age, balance, linked payment methods, and security settings.

As datasets are enriched and combined, attackers can build detailed digital profiles that may later support targeted attacks on executives, finance staff, IT-administrators or individuals with valuable assets or personal documents.

“Our analysis shows that credentials account for nearly 90% of phishing attempts. Once collected, logins, passwords, phone numbers, and personal details are aggregated, checked, and resold, sometimes years after the initial theft. Combined with new information, even old credentials can enable account takeovers and targeted attacks against both individuals and organizations. By leveraging open-source intelligence and old breach data, attackers can craft highly personalized scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud,” said Olga Altukhova, senior web content analyst at Kaspersky.

To reduce the risks associated with phishing, users should follow a few safety recommendations:

●    Do not trust links or attachments received by email or messages. Always check the sender carefully before opening anything.

●    Double-check websites before entering any personal or financial information. Make sure the URL is correct and watch for spelling errors or visual inconsistencies.

●    Even when precautions are in place, review bank and card statements regularly and report any suspicious transactions to your financial institution immediately.

●    If account credentials are stolen, change the password for the affected account and for any other services where the same or similar password was used. Use a unique password for each account.

●    To stay protected, install a comprehensive cybersecurity solution. Kaspersky Premium protects users from fraudulent activities through advanced detection technology that analyzes website characteristics and URLs to identify suspicious patterns.

●    Enable multi-factor authentication for all accounts that support it.

●    Check account login history and active sessions regularly and terminate any suspicious activity.

●    If a messaging or social media account is compromised, inform contacts that fraudulent messages may be sent in your name.