An analysis of phishing and scam campaigns from January through September 2025 found that 88.5% of attacks globally sought credentials for various online accounts. Another 9.5% targeted personal data such as names, addresses, and dates of birth, while 2% focused on bank card details.
According to data from Kaspersky, over 38 million phishing links were clicked in Africa in the previous year (from November 2024 to October 2025) – all of which were detected and blocked by Kaspersky solutions.
Not everyone uses protective solutions on their devices, however, and phishing remains one of the most prevalent cyber threats, with attackers luring users to fake websites where they unwittingly surrender their login credentials, personal information, or bank card details.
Kaspersky research shows that most phishing pages transmit stolen information via email, Telegram bots, or attacker-controlled panels, before it enters underground resale channels.
Data stolen through phishing is rarely used only once: credentials from multiple campaigns are consolidated into data dumps and sold on dark web markets, in some cases for as little as $50. Buyers sort and verify the data to check whether accounts remain active and reusable across different services.
According to Kaspersky Digital Footprint Intelligence, average 2025 prices ranged from $0.90 for global Internet portals to $105 for crypto platforms and $350 for online banking access. Personal documents such as passports or ID cards sold for about $15 on average, with pricing influenced by account age, balance, linked payment methods, and security settings.
As datasets are enriched and combined, attackers can build detailed digital profiles that may later support targeted attacks on executives, finance staff, IT administrators, or individuals with valuable assets or personal documents.
“Our analysis shows that credentials account for nearly 90% of phishing attempts,” says Olga Altukhova, senior web content analyst at Kaspersky. “Once collected, logins, passwords, phone numbers, and personal details are aggregated, checked, and resold, sometimes years after the initial theft.
“Combined with new information, even old credentials can enable account takeovers and targeted attacks against both individuals and organisations. By leveraging open-source intelligence and old breach data, attackers can craft highly personalised scams, turning one-time victims into long-term targets for identity theft, blackmail, or financial fraud.”