There were 176 new, unique attacks reported to the Anti-Phishing Working Group, an industry body comprised of financial institutions, law enforcement agencies and e-commerce providers.
Surprisingly, only eight per cent of attacks used an exploit in Microsoft's Internet Explorer to fake a legitimate web site's URL in the address bar and disguise the true web site of the phisher.
The organisation singled out for the most attacks is eBay, but overall it is the financial services sector that bears the brunt of strikes.
One of the most alarming developments is the emerging threat of scams designed to fool recipients into downloading keyloggers and other Trojans that attempt to capture banking usernames and passwords.
The latest scam, documented at Codefish Spamwatch, operates via an email with the subject "Police investigation." According to the organization, the web page link points to what looks like an invalid web page with a server error.
This page is a normal HTML page with that message put there to distract people from what else is happening. A look at the extra code in that HTML page reveals that in the background the HTML attempts to launch some Java applet code calling a file called "javautil.zip".
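A defender triaging a reported link can check for the pattern described above, an error message on screen while the markup loads active content. The following is an added example, not code from Codefish Spamwatch or the APWG; the sample page, the placeholder class name and the phrase and tag lists are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample modelled on the description above: a visible "server
# error" message plus an applet reference to "javautil.zip". The class name
# "Placeholder.class" is a made-up placeholder, not taken from the real page.
SAMPLE_PAGE = """<html><head><title>Error</title></head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an error and could not complete your request.</p>
<applet code="Placeholder.class" archive="javautil.zip" width="1" height="1"></applet>
</body></html>"""

# Assumed heuristics: phrases typical of error pages, tags that load active content.
ERROR_PHRASES = ("server error", "cannot be displayed", "not found")
ACTIVE_TAGS = {"applet", "object", "embed"}


class DecoyPageScanner(HTMLParser):
    """Collects page text and every tag that loads active content."""

    def __init__(self):
        super().__init__()
        self.text = []    # text nodes, used to recognise the error message
        self.active = []  # (tag, attributes) for each active-content tag

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append((tag, {k: v or "" for k, v in attrs}))

    def handle_data(self, data):
        self.text.append(data)


def scan(html):
    """Report active content, noting whether it hides behind an error message."""
    parser = DecoyPageScanner()
    parser.feed(html)
    parser.close()
    visible = " ".join(" ".join(parser.text).lower().split())
    decoy = any(phrase in visible for phrase in ERROR_PHRASES)
    return [
        {"tag": tag, "decoy_error": decoy,
         "source": a.get("archive") or a.get("code") or a.get("data") or a.get("src")}
        for tag, a in parser.active
    ]


if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE):
        print(finding)
```

A finding with `decoy_error` set to true is a reason to fetch the referenced archive in an isolated environment for analysis, not proof of malice on its own.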
Dave Jevans, Chairman of the Anti-Phishing Working Group and a Senior Vice President at Tumbleweed Communications, said attacks are increasing both in number and sophistication.
"The spam epidemic has evolved from a nuisance to a real security threat with this shift to financial crime and identity theft," said Jevans. "Even the most sophisticated user of the Internet will be hard-pressed to distinguish these fraudulent 'phishing' emails and websites from legitimate business communications."
Details of the new scam can be found here: http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55&mode=thread&order=0&thold=0