Cybercriminals created a record number of phishing Web sites in July and also hijacked a record number of brands to help them do their work, a consortium that monitors online fraud said Monday.
The number of phishing sites -- or fraudulent Web sites try to fool people into handing over sensitive personal information -- rose to 14,191 in July, an 18 percent increase over May, the previous all-time high, said the Anti-Phishing Working Group (APWG).
The fraudulent sites mimicked a record 154 brands, up 20 percent over June and 12 percent over the previous high, also recorded in May, APWG said.
The latest figures show that online criminals are diversifying to target smaller financial institutions, Internet service providers and even government agencies, the group said. However, the financial services industry is still targeted the most, with more than nine out of 10 phishing sites aimed at that sector.
The technical sophistication of phishing attacks is also increasing. APWG said that 1,850 phishing sites attempted to download a Trojan horse, a program that conceals itself in another, harmless-looking file but can be used to harvest personal information or download other malicious programs to an infected computer.
APWG also said that one security vendor, Websense, detected special toolkits for sale on Russian Web sites to construct this kind of attack when a user visits a Web page. They can be fairly cheap, too: prices range from $20 to $300, APWG said.
Also on the rise are "traffic redirector" Trojans, which force users to certain Web sites without their consent, APWG said.
Overall, the United States hosts nearly 30 percent of all phishing sites, followed by South Korea at 13 percent and China at 12 percent, APWG figures shoed.

Sign up to receive Security Resource Alerts
A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.
Download now! »Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.
Download now! »This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.
View now! »