A report has just come out ranking sectors ranging from airlines to social in terms of email phishing attacks. The study found that cyber criminals target financial services’ customers the most; airlines are lagging at setting up email defenses; and social companies like Twitter are kicking butt in protecting their users.

Agari is in the business of helping companies defend themselves from email phishing and as a result, it collects trillions of emails. Every quarter, Agari compiles information from the previous three months’ messages and analyzes the data. It then publishes a report called the TrustIndex exploring which industries are the best and worst at protecting their customers from potential phishing attacks, and which industries face the most and least number of phishing attacks from hackers.

Email phishing attacks were up 122 percent in the financial sector in the last ninety days. Scammers increasingly target banking customers via email, pretending to be their financial institution. Then the scammers can get personal information and in some cases account details from users.

The big increase in financial services’ attacks shocked Pat Peterson, Agari’s CEO. “It’s kind of unfathomable,” Peterson said. “The first time I saw the numbers, I thought there must have been a rounding error.” Peterson pointed to quarter one results, where there was no lack of phishing attacks. To see criminals redouble their phishing efforts means one thing: the tactics are working. “They’re getting people to click, getting into people’s accounts, and plowing their efforts into the pay off.”

Although Agari only looked at major banking institutions for its analysis of the financial sector, the results have implications for all the startups competing in the payment space. As companies like Square, Stripe, Braintree, and WePay grow their user base, they too might find their customers targeted by phishing scams. Peterson pointed to the cyber attacks that have hit startups like Etsy and Living Social as a premonition. “The fact that criminals are paying a hell of a lot more attention at those companies even if they aren’t Fortune 500 is also a great wakeup call for those businesses,” Peterson says. “If they’ve got a valuable customer base the criminals will use that brand to go after the customer base.”

Peterson mentioned that some startups have approached Agari and are in talks with the company to help protect them from phishing scandals. However, since negotiations are underway he couldn’t go on the record about which ones.

“A few years ago, who even thought about phishing Lala or Living Social or Box?” Peterson says. “I don’t think it was on the criminal radar or they were thinking about it. Now it’s much more of a daily occurrence.”

Agari is a startup itself, and Peterson has sympathy for the plight of other startups in protecting themselves. “Bigger institutions have evolved over the years to have staff devoted to developing higher security mechanisms,” Peterson says. “But startups don’t necessarily have the expertise or the budgets for such measures.”