New data from Kaspersky reveals that in 2025, over 117 million phishing links were clicked in the Asia-Pacific (APAC) region. Fortunately, these were detected and blocked by Kaspersky’s protective solutions. However, not all users implement such protective measures, leaving phishing as a significant cyber threat. Through these attacks, users are often redirected to fraudulent websites where they unknowingly provide their login credentials, personal information, or banking details.

Kaspersky experts have traced the data stolen in phishing attacks, shedding light on how cybercriminals exploit this information in underground markets. Their analysis reveals the tools and methodologies used to collect, verify, and monetize stolen credentials, emphasizing the long-term risks faced by victims long after the initial data breach.

The findings indicate that a staggering 88.5% of phishing attacks targeted online account credentials, 9.5% focused on personal data such as names, addresses, and dates of birth, while 2% were directed at bank card information. Once captured, these details are processed through specialized automated systems designed to handle large datasets. These systems are offered as a Platform-as-a-Service (PaaS) and are either developed by the attackers or based on legitimate frameworks for web and app development.

According to Kaspersky Digital Footprint Intelligence, attackers consolidate the stolen data into “dumps”—large batches of verified information—often sold on dark web forums for $50 or less in bulk. Higher-value accounts fetch premium prices: cryptocurrency platforms average $105, banking accounts $350, e-government portals $82.50, and personal documents $15. The data is meticulously verified using scripts to ensure its validity across services, and it is compiled into comprehensive “digital dossiers” that enhance its value for targeted attacks, such as whaling schemes against high-profile individuals.

“Stolen data evolves into a persistent weapon for cybercriminals. By leveraging open-source intelligence and old breach data, attackers can craft highly personalized scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud,” remarks Olga Altukhova, a security expert at Kaspersky.

To mitigate these risks, Kaspersky advises users to take the following actions: block compromised bank cards by contacting financial institutions, change passwords across potentially compromised accounts using unique combinations, and enable multi-factor authentication (MFA) wherever possible. Additionally, users should review active sessions in messaging apps, online banking, and other services. It’s also crucial to utilize trusted security solutions to protect devices and monitor for data leaks. The full report is available on Securelist.