Cybercriminals created a record number of phishing websites in July and hijacked a record number of brands to help them do their work, a consortium that monitors online fraud said today.

The number of phishing sites – fraudulent websites that try to fool people into handing over sensitive personal information – rose to 14,191 in July, an 18 percent increase over May, the previous all-time high, said the APWG (Anti-Phishing Working Group).

The fraudulent sites mimicked a record 154 brands, up 20 percent on June and 12 percent on the previous high, again recorded in May, APWG said.

The latest figures show that online criminals are diversifying to target smaller financial institutions, ISPs and even government agencies, the group said. However, the financial services industry is still targeted the most, with more than nine out of 10 phishing sites aimed at that sector.

The technical sophistication of phishing attacks is also increasing. APWG said that 1,850 phishing sites attempted to download a Trojan horse, a program that conceals itself in another, harmless-looking file but can be used to harvest personal information or download other malicious programs to an infected computer.

APWG said one security vendor, Websense, detected special toolkits for sale on Russian websites to construct this kind of attack when a user visits a web page. They can be fairly cheap, too: prices range from $20 (about £11) to $300 (£160), APWG said.

Also on the rise are 'traffic redirector' Trojans, which force users to certain websites without their consent, APWG said.

Overall, the US hosts nearly 30 percent of all phishing sites, followed by South Korea at 13 percent and China at 12 percent, APWG figures showed.