Breaking News
A.R.B.J Rajapaksha
A.R.B.J Rajapaksha
Jan 02 2026
24According to new data from Kaspersky, over 117 million phishing links were clicked in the APAC region in 2025 – all of which were detected and blocked by Kaspersky solutions. Not everyone uses protective solutions on their devices however, and phishing remains one of the most prevalent cyber threats, with attackers luring users to fake websites where they unwittingly surrender their login credentials, personal information, or bank card details.
Kaspersky experts traced the data stolen in phishing attacks, highlighting how cybercriminals use this data on underground markets. The analysis uncovers the tools and processes used to collect, verify, and monetize stolen credentials, personal details, and financial data, emphasizing the enduring risks to victims years after the initial breach.
According to Kaspersky's findings, a staggering 88.5% of phishing attacks targeted online account credentials, 9.5% were focused on personal data such as names, addresses, and dates of birth, and 2% were aimed at bank card information. Once captured, these personal details are funneled through specialized automated systems which help to manage large amounts of data. These systems are offered as a Platform-as-a-Service (PaaS) and are either created by the attackers themselves or based on legitimate frameworks for creating websites or apps.
According to Kaspersky Digital Footprint Intelligence, attackers consolidate stolen data into "dumps" – large batches of verified information – often priced on dark web forums at $50 or less for bulk sales. Higher-value accounts fetch premium prices: cryptocurrency platforms average $105, banking accounts – $350, e-government portals – $82.50, and personal documents – $15. Data is meticulously verified using scripts to check its validity across services and is then combined into comprehensive "digital dossiers" that enhance its worth for targeted attacks, such as whaling schemes against high-profile individuals.
"Stolen data evolves into a persistent weapon for cybercriminals. By leveraging open-source intelligence and old breach data, attackers can craft highly personalized scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud," comments Olga Altukhova, security expert at Kaspersky.
To mitigate these risks, Kaspersky recommends users: Block compromised bank cards by contacting your financial institution. Change passwords across accounts that are suspected of compromise using unique combinations and enable multi-factor authentication (MFA) wherever possible. Review active sessions in messaging apps, online banking, and other services. Utilize trusted security solutions to protect your devices and monitor for data leaks. The full report is available on Securelist.
