Internet fraudsters appear to have changed their modus operandi, turning to more targeted attacks, according to Kaspersky's annual report on trends in online fraud and phishing for 2025.
Based on the report's findings, the targets of these attacks are no longer limited to stealing personal login details. Instead, phishers have also turned to stealing biometric data, such as facial photos, in order to bypass identity verification.
At the same time, online fraudsters are increasingly adapting their methods to each region, exploiting entertainment platforms, public services, artificial intelligence tools, and messaging apps to steal credentials and deceive users.
2025 in numbers
More specifically, according to the report, 44.99% of all emails sent worldwide in 2025 and 43.27% of emails in the Russian part of the internet were spam. Also, 32.50% of all spam emails were sent from Russia.
The company reports that Kaspersky Mail Anti-Virus prevented 144,722,674 malicious email attachments, while the company's Anti-Phishing system prevented 554,002,207 attempts to access phishing links.
The top three countries in the 2025 ranking in terms of outgoing spam volume remained the same as the previous year: Russia, China, and the United States. However, Russia's share of spam decreased from 36.18% to 32.50%, while China's (19.10%) and the US's (10.57%) shares increased by approximately 2 percentage points each.
At the same time, Germany rose to fourth place with a share of 3.46%, from sixth place last year, displacing Kazakhstan, which fell to fifth place with a share of 2.89%.
Scams involving free concert tickets
In 2025, online streaming services remained a key target for phishing websites in the entertainment sector, as scammers lured users by offering early access to major premieres before their official release. At the same time, there was a significant increase in phishing pages that mimicked ticket platforms for live events.
Cybercriminals attracted victims with offers of free tickets to concerts by popular artists through websites that replicated the image and identity of major ticket distributors. To participate in these supposed "offers," users were asked to pay a small fee. However, after payment, the tickets were never sent.
At the same time, Kaspersky also detected phishing activity that required users to log in via social media to participate in live streaming and vote for their favorite artist. The purpose of these fake pages was to steal users' credentials. In addition, in this particular campaign, cybercriminals exploited the credibility of well-known companies such as Google and Spotify.
WhatsApp and Telegram accounts were the top targets
However, the top targets of phishing and digital fraud attacks in 2025 were WhatsApp and Telegram accounts.
Cybercriminals attempted to gain access to WhatsApp accounts through fake contests for children, a method that had been used extensively in the past to steal Telegram accounts.
At the same time, the perpetrators offered supposedly free Telegram Premium subscriptions, tricking users into entering their phone number and one-time verification code on fake login pages. In this way, they gained full access to the victims' login details.
It should be noted that in the past, such attacks were mainly limited to English and Russian. However, over the past year, there has been an increase in the geographical spread of phishing attacks, with similar incidents reported in other languages, such as Spanish and Uzbek, confirming the growing geographical spread of phishing attacks.
How fraudsters gain access to passport photos
Finally, Kaspersky also observed an increase in phishing attacks that appeared as "Know Your Customer" (KYC) checks. Specifically, through fake websites that requested information such as full name, email address, and phone number, the perpetrators attempted to extract sensitive personal data, including scanned copies of passports or photos of faces from different angles.
This data can be used by perpetrators to illegally access or take over accounts on services that require identity verification via photo or video, increasing the risk of digital identity theft and financial fraud.