Kaspersky Report: E-Commerce Scams Surge to 85% of Financial Phishing in the Middle East
In a significant shift within the cybersecurity landscape, over one million online banking accounts were compromised by infostealers in the past year. This alarming trend underscores a broader transition in financial cyberthreats, which are increasingly focused on credential theft and data reuse. As attackers pivot away from traditional PC banking malware, they are leveraging social engineering tactics and dark web marketplaces, while mobile financial malware continues to escalate.
Evolving Threat Landscape
The Kaspersky report highlights that traditional financial phishing remains prevalent, with pages impersonating e-commerce sites comprising 48.5% of phishing attempts in 2025—an increase of 10.3% from the previous year. In contrast, phishing attempts targeting banks dropped to 26.1%, a decline of 16.5%, while payment systems saw a rise to 25.5%, up by 6.2%. This decline in bank-related phishing may indicate that fraudsters are finding it increasingly challenging to successfully impersonate these institutions, prompting a shift toward easier targets.
Regional variations in phishing tactics reveal a tailored approach by attackers. In the Middle East, e-commerce phishing dominates at 85.8%, reflecting a heavy reliance on online retail lures. Conversely, Africa sees a significant focus on bank-related phishing, which accounts for 53.75%, suggesting that user account security in that region may still be lacking. Latin America exhibits a more balanced distribution of phishing attempts, while the Asia-Pacific and European regions demonstrate a diversified strategy across all three categories.
Rise of Mobile Malware
The number of users affected by financial PC malware has declined notably as more individuals turn to mobile devices for financial management. Mobile banking attacks, in contrast, grew 1.5 times in 2025 compared to the previous year. Infostealers have become a critical component of financial crime, operating on both PCs and mobile devices. They harvest sensitive information, including login credentials, cookies, bank card numbers, crypto wallet seed phrases, and autofill data from browsers and applications. The harvested data is then used for account takeovers and direct banking fraud.
Kaspersky’s data indicates a staggering 59% increase in infostealer detections globally from 2024 to 2025, with Africa experiencing a 53% rise and the Middle East seeing a 26% increase on PCs. This surge in infostealer activity is fueling credential-based attacks, further complicating the cybersecurity landscape.
Dark Web Dynamics
According to Kaspersky Digital Footprint Intelligence (DFI), over one million online banking accounts associated with the world’s 100 largest banks fell victim to infostealers in 2025. Credentials for these accounts are reportedly being traded freely on the dark web, with India, Spain, and Brazil identified as the countries with the highest median number of compromised accounts per bank.
The report reveals that 74% of payment cards compromised by infostealer malware and published on dark web platforms remained valid as of March 2026. This statistic indicates that attackers can still exploit cards stolen months or even years prior, underscoring the persistent threat posed by these cybercriminals.
Insights from Cybersecurity Experts
Polina Tretyak, a Kaspersky Digital Footprint Intelligence analyst, emphasizes the dark web’s role as a central hub for financial cybercrime. Stolen credentials and bank cards harvested by infostealers are aggregated, repackaged, and sold, while phishing kits targeting financial product users are offered as ready-to-use services. This creates a self-sustaining ecosystem where data theft and fraud operations reinforce each other, making attacks scalable and accessible to fraudsters with minimal experience.
Tretyak stresses the necessity for proactive threat intelligence from organizations and increased awareness among individual users to disrupt this cycle.
Recommended Protective Measures
Kaspersky outlines several measures for individual users to enhance their cybersecurity posture:
- Avoid clicking on links from suspicious messages and verify web pages before entering credentials or banking details.
- Implement multifactor authentication whenever possible, create strong and unique passwords, and store them securely in a password manager.
- Utilize a reliable security solution to guard against fake e-commerce sites and phishing pages. Kaspersky Premium offers advanced detection technology that analyzes website characteristics and URLs to identify suspicious patterns.
For businesses, Kaspersky recommends:
- Conducting a comprehensive assessment of the entire infrastructure to identify and rectify vulnerabilities, potentially engaging external specialists for fresh insights.
- Deploying integrated platforms to monitor and control all attack vectors, ensuring rapid detection and response across the organization. Solutions from the Kaspersky Next product line provide real-time protection, threat visibility, and scalable EDR/XDR capabilities.
- Continuously monitoring dark web resources to enhance the coverage of potential threats and track the activities and plans of threat actors. This type of monitoring is available through Kaspersky’s Digital Footprint Intelligence service.
The evolving landscape of financial cyberthreats necessitates a proactive approach from both individuals and organizations to safeguard sensitive information and mitigate risks.
Source: arqam.news


