Cybercriminals created a record number of phishing websites in July and also hijacked a record number of brands to help them do their work, says a consortium that monitors online fraud.
The number of phishing sites — or fraudulent websites try to fool people into handing over sensitive personal information — rose to 14,191 in July, an 18% increase over May, the previous all-time high, says the Anti-Phishing Working Group (APWG).
The fraudulent sites mimicked a record 154 brands, up 20% over June and 12% over the previous high, also recorded in May, says APWG.
The latest figures show that online criminals are diversifying to target smaller financial institutions, internet service providers and even government agencies, the group says. However, the financial services industry is still targeted the most, with more than nine out of 10 phishing sites aimed at that sector.
The technical sophistication of phishing attacks is also increasing. APWG says that 1,850 phishing sites attempted to download a Trojan horse, a program that conceals itself in another, harmless-looking file but can be used to harvest personal information or download other malicious programs to an infected computer.
APWG also says that one security vendor, Websense, detected special toolkits for sale on Russian websites to construct this kind of attack when a user visits a web page. They can be fairly cheap, too: prices range from US$20 to US$300, says APWG.
Also on the rise are "traffic redirector" Trojans, which force users to certain websites without their consent, says APWG.
Overall, the United States hosts nearly 30% of all phishing sites, followed by South Korea at 13% and China at 12%, shows APWG figures.