Kaspersky has traced the entire journey of information stolen in phishing campaigns, from its collection to its final exploitation, revealing how phishing becomes a valuable asset for financial fraud, identity theft or extortion. Some accounts obtained through phishing, such as bank or cryptocurrency accounts, reach average prices of $350 and $105 respectively, and personal documents obtained through phishing sell for about $15 on average.
Kaspersky solutions detected more than 131 million phishing links in Europe during 2025, confirming that phishing remains one of the most common and effective cyber threats. Despite its apparent simplicity, phishing continues to work because it is not always perceived as a real threat. Once the victim hands over their data, it is not only used immediately, but also stored, analyzed and sold as a valuable product on the dark web.
Phishing platforms as a service
According to Kaspersky experts, 88.5% of phishing attacks aimed to steal access credentials for online accounts; 9.5% aimed to collect personal data such as name, address or date of birth; and 2% targeted banking information. Once stolen, this data becomes part of “platforms as a service” created by the cybercriminals themselves, where it is processed, grouped and commercialized in an automated manner using their own infrastructure or legitimate web development tools.
Validated data from phishing campaigns is packaged and sold on underground forums as dumps. Some accounts compromised by phishing, such as bank or cryptocurrency accounts, reach average prices of $350 and $105 respectively. Personal documents obtained through phishing ($15 on average) and access to government portals ($82.5) are also trafficked. To increase the value of this data, criminals combine different phishing sources into what are known as “digital dossiers”, which allow more precise scam campaigns to be launched, such as cyberattacks aimed at senior executives (whaling).
“Data leaked through phishing is not used just once. It can circulate for years and serve multiple types of fraud. That is why it is essential to understand how these phishing networks work and what can be done to stop their reach,” says Olga Altukhova, security expert at Kaspersky.
The full report is available on Securelist. To prevent fraudulent use of data stolen through phishing, Kaspersky experts recommend the following measures:
• Immediately block affected bank cards by contacting the issuing entity.
• Change all passwords linked to phishing incidents, using unique and secure passwords, and activate two-step verification.
• Review active sessions in apps, online services or banking platforms to detect suspicious access related to phishing.
• Install reliable security solutions that monitor potential data leaks and protect against phishing pages.
