Hundreds of thousands. You see like the telephone spammers they are using a robo dialer which is against the law and why would that surprise you.
With these dialers the process calls or sends texts to numbers in sequential order. Lets say in area code 505 the dialer uses 505-101-**** and so on. Then they get a load of suckers looking for a quick cash day, the people get a bogus website that looks and feels like the original and the poor sucker enters their account name or number and password of course that info is sent to the domain as a sendto=entertheredirectpageurlhere then the scam site can do as it wishes.
The bogus domains are normally out of this country but the domain registry agency can be contacted and have the scam site taken down. Internic should be contacted to get these sites from operating. Domain registry is so easy to do, and all a scammer has to do is pay a small fee and hope enough suckers bite and make it worth their while.
Sad but so true.