Nearly 90% of phishing attacks worldwide are designed to steal login credentials for digital accounts, according to new research by Kaspersky, highlighting how cybercriminals increasingly focus on long-term access rather than immediate financial theft.
Kaspersky’s analysis of phishing and scam campaigns observed between January and September 2025 found that 88.5% of attacks targeted credentials for online accounts, while 9.5% focused on personal data such as names, addresses, and dates of birth. Only 2% of phishing campaigns targeted bank card details, the report said.
Phishing remains one of the most widespread cyber threats
According to Kaspersky, millions of phishing links were clicked during the previous year, all of which were detected and blocked by the company’s security solutions. However, the firm noted that many users still lack adequate protection, allowing phishing attacks to remain one of the most common and effective cyber threats.
Attackers typically lure users to fake websites that closely resemble legitimate services, tricking them into entering usernames, passwords, personal information, or payment details. Stolen data is then transmitted through email, messaging platforms such as Telegram, or attacker-controlled dashboards before being prepared for resale.
Stolen credentials resold on underground markets
Kaspersky’s research shows that data obtained through phishing is rarely used only once. Credentials collected from multiple campaigns are often combined into large datasets and sold on underground marketplaces, sometimes for as little as $50 per bundle.
According to Kaspersky Digital Footprint Intelligence, average prices in 2025 ranged from about $0.90 for access to global internet portals to $105 for cryptocurrency platform accounts and up to $350 for online banking access. Personal documents, including passports and ID cards, sold for an average of $15, with prices influenced by factors such as account age, balances, linked payment methods, and security settings.
Long-term risks from reused and enriched data
As stolen datasets are enriched and merged, attackers can build detailed digital profiles of individuals. These profiles may later be used in targeted attacks against executives, finance staff, IT administrators, or individuals with valuable assets or sensitive documents.
“Our analysis shows that credentials account for nearly 90% of phishing attempts,” said Olga Altukhova, senior web content analyst at Kaspersky. She noted that even older credentials can remain valuable when combined with new data, enabling account takeovers, identity theft, blackmail, or financial fraud years after the initial compromise.
Security recommendations
To reduce phishing risks, Kaspersky advises users to avoid clicking on links or opening attachments from unknown or suspicious sources, carefully verify senders, and double-check website addresses before entering personal or financial information.
The company also recommends enabling multi-factor authentication wherever available, regularly reviewing account login activity, and closing any suspicious sessions to limit potential damage from compromised credentials.