In 2025, Kaspersky's solutions detected and prevented more than 117 million clicks on fake links (phishing - online phishing, forging websites, emails or familiar services to lure users to provide information) in the Asia-Pacific region (APAC).
Cybersecurity experts have tracked the traces of stolen data from phishing attacks, thereby exposing the methods cybercriminals exploit and trade this data on black markets.
The analysis from Kaspersky experts also reveals the tools and procedures that criminals use to collect, verify and make money from stolen login information, personal data, and financial data. Notably, the risk to victims does not only stop at the time of the incident, but can also last for many years afterwards.
According to analysis results, up to 88.5% of phishing attacks target online account login information, 9.5% focus on personal data such as name, address, date of birth, and 2% directly target bank card information.
After being stolen, these data are not processed manually but are put into specialized automated systems, helping criminals manage and process a huge amount of data.
These systems operate as a service platform, which is self-developed or built by cybercriminals based on legitimate development platforms and tools available in website and application development.
According to records from Kaspersky Digital Footprint Intelligence, attackers often gather stolen data into "dumps" - large batches of verified data. On dark web forums, these batches are often sold in bulk at prices from only 50 USD or less.
However, high-value accounts will be sold at much higher prices, for example, an average of 105 USD for virtual currency-related accounts, about 350 USD for bank accounts, about 82.5 USD for e-government service portals, about 15 USD for personal papers (ID card/CCCD, passport...).
Before the transaction, the stolen data will be checked very carefully by auto-scripts to confirm whether the information is still usable on the services or not.
Then, they are compiled into complete "digital dossiers", helping to multiply the value of data. These dossiers will then be used in targeted attacks, typically whaling - fraud aimed at individuals with positions or large assets.
To proactively defend and minimize risks, Kaspersky recommends users:
- Immediately lock the leaked bank card by contacting the bank or financial institution.
- Change the passwords of accounts suspected of being hacked, use different passwords for each service and uncheck multiple-factor authentication (MFA) whenever possible.
- Review active login sessions on messaging applications, online banking and other important services.
- Use reliable security solutions to protect devices and track data leakage risks.
