According to new data from Kaspersky, over 117 million phishing links were clicked in the APAC region in 2025 – all of which were detected and blocked by Kaspersky solutions. Not everyone uses protective solutions on their devices however, and phishing remains one of the most prevalent cyber threats, with attackers luring users to fake websites where they unwittingly surrender their login credentials, personal information, or bank card details. Kaspersky experts traced the data stolen in phishing attacks, highlighting how cybercriminals use this data on underground markets. The analysis uncovers the tools and processes used to collect, verify, and monetize stolen credentials, personal details, and financial data, emphasizing the enduring risks to victims years after the initial breach, a press release said.
According to Kaspersky’s findings, a staggering 88.5% of phishing attacks targeted online account credentials, 9.5% were focused on personal data such as names, addresses, and dates of birth, and 2% were aimed at bank card information. Once captured, these personal details are funneled through specialized automated systems which help to manage large amounts of data. These systems are offered as a Platform-as-a-Service (PaaS) and are either created by the attackers themselves or based on legitimate frameworks for creating websites or apps.
An example of an administration panel through which stolen data is managed According to Kaspersky Digital Footprint Intelligence, attackers consolidate stolen data into “dumps” – large batches of verified information – often priced on dark web forums at $50 or less for bulk sales. Higher-value accounts fetch premium prices: cryptocurrency platforms average $105, banking accounts – $350, e-government portals – $82.50, and personal documents – $15. Data is meticulously verified using scripts to check its validity across services and is then combined into comprehensive “digital dossiers” that enhance its worth for targeted attacks, such as whaling schemes against high-profile individuals.
“Stolen data evolves into a persistent weapon for cybercriminals. By leveraging open-source intelligence and old breach data, attackers can craft highly personalized scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud,” comments Olga Altukhova, security expert at Kaspersky.
To reduce long-term exposure after a phishing incident, Kaspersky advises users to take immediate and coordinated action. This includes blocking compromised bank cards through their financial institutions, securing affected accounts by changing passwords to strong, unique combinations and enabling multi-factor authentication wherever available, and reviewing active sessions across messaging platforms, online banking, and other digital services. The use of trusted security solutions is also critical to protecting devices and monitoring for potential data leaks, helping to limit the lasting impact of stolen information.
The full report is available on Securelist.
