Bank phishing declines but still drives 26% of attacks

Bank services may be becoming increasingly difficult to successfully impersonate.

Bank phishing declined globally in 2025, although it still made up every 1 in 4 financial phishing attacks that year, according to data from Kaspersky.

Pages that mimicked e-shops dominated the financial phishing landscape in 2025, at 48.5% or nearly 1 in 2 attacks. Banks followed at 26.1% of the landscape, then payment systems at 25.5%.

The decline in bank phishing may suggest that these services are becoming increasingly difficult to successfully impersonate, Kaspersky said.

Over a million online banking accounts were compromised by infostealers last year, the report found.

Attackers are moving away from traditional PC banking malware and increasingly relying on social engineering and dark web marketplaces, while mobile financial malware continues to grow.

APAC and Europe displayed even spread across all three categories of traditional financial fraud, suggesting diversified attack strategies in these two regions, Kaspersky said.

In contrast, the Middle East’s financial phishing is overwhelmingly concentrated on e-commerce (85.8%), and in Africa, bank-related phishing leads (53.75%). LATAM shows a more balanced distribution, also bank targeting got the highest share at 42.25%.