According to Kaspersky’s analysis, 88.5 percent of phishing and scam campaigns in 2025 were aimed at stealing login credentials for online accounts.
Kaspersky has investigated phishing and scam campaigns observed between January and September 2025. The results show that the vast majority of attacks do not target individual data points, but rather complete access to accounts. In addition to the 88.5 percent that attempted to obtain login credentials, 9.5 percent targeted personal information such as name, address, and date of birth. Only two percent of the attacks targeted bank card details.
Sale of stolen data
According to the research, stolen data is usually forwarded via email, Telegram bots, or dashboards managed by attackers. Afterwards, they often end up on underground marketplaces. Data is rarely used only once. Login credentials from different campaigns are merged into data files and resold on the dark web, sometimes for amounts starting at $50.
read also
New Phishing Tactic Exploits Web Forms on Corporate Websites
Kaspersky Digital Footprint Intelligence states that prices varied greatly in 2025. Access to general internet services was sold for an average of $0.90 per account. Accounts for crypto platforms fetched an average of $105. Access to online banking was traded for an average of $350. Personal documents, such as passports or identity cards, had an average price of approximately $15. Factors such as account age, balance, linked payment methods, and security settings influence the value.
Basis for targeted attacks
By enriching and combining datasets, attackers can build extensive digital profiles. These profiles form a basis for targeted attacks on, among others, directors, financial employees, and IT administrators. People with valuable assets or sensitive documents are also at risk.
read also
Gartner: AI Browser Still Too Risky for Businesses
According to Olga Altukhova, senior web content analyst at Kaspersky, this explains why login credentials play such a central role. Attackers benefit more from long-term access than from individual data points. Moreover, data can be reused years later, for example in account takeovers or targeted fraud.