According to security firm Trusteer, the attack targets cPanel, a popular management tool for web hosts.
The attackers have sent out emails claiming to originate from the hosting firms.
The emails tell the user that due to maintenance activities all FTP credentials must be updated. The message contains a link to a phishing site which asks for log-in information.
The study, exclusively monitored users who successfully reached a live phishing site that was not blocked by their browser's built-in anti-phishing protection or filtered as fraudulent one (Phishing experiment sneaks through all anti-spam filters), and found out that on average, 12.5 out of one million customers sampled for a particular bank, visited the phishing site.
If you think or know you have been phished, report the phishing email to the proper authority. For example, if it's a credit card phishing email, report the email to the issuing bank. If you have given your banking or credit card information, immediately close the account and open a new one. In the future, be suspicious of all unsolicited or unexpected emails you receive, even if they appear to come from a trusted source. Your bank will never ask you to confirm any of your personal information by clicking a link to visit a Web site.
The best way to prevent phishing is to have some kind of personal security device separate from your PC that is part of the login.
The new scareware template branded as "Green-AV Premier Edition 3.0" is pitched as the "World's First Antivirus Which Cares About the Environment" and goes for a hefty price of $99.99, in comparison to other scareware brands whose price tags vary from $49 to $79.