According to security firm Trusteer, the attack targets cPanel, a popular management tool for web hosts.
The attackers have sent out emails claiming to originate from the hosting firms.
The emails tell the user that due to maintenance activities all FTP credentials must be updated. The message contains a link to a phishing site which asks for log-in information.
The study, exclusively monitored users who successfully reached a live phishing site that was not blocked by their browser's built-in anti-phishing protection or filtered as fraudulent one (Phishing experiment sneaks through all anti-spam filters), and found out that on average, 12.5 out of one million customers sampled for a particular bank, visited the phishing site.