I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours.
They analyzed a very poorly designed phishing attack and found that:
- The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same date at 15:24 pm. Therefore, the attack actively lasted just over five hours.
- During those hours, 164 people accessed the phishing site, which indicates an average of about 30 people per hour; therefore, there is a potential victim every two minutes.
- Out of the 164 participants, 35 entered valid credit card data, which indicates an effectiveness of 21%: one out of every five people who accessed the web site provided their sensitive data.
This shows that there is still a long way to go with consumer education and technology like phishing filters.