The research by the Information Security Forum (ISF) also warned over the increasing use of 'moles' placed in organizations to gain access to prize customers.
The survey of 260 ISF members that shows that over a third of members have been affected by phishing attacks. Over 30 percent of these have experienced more than 20 attacks.
The ISF report provided a detailed five-point strategy to tackle the threat of phishing attacks. But while two-factor or even three-factor authentication is seen as a strong preventative measure, the report said that savings from direct fraud alone do not currently justify the expenditure. It added that companies should consider other factors such as damage to reputation, regulatory intervention or loss of competitive advantage.
The report also pointed to better education of customers about phishing and identity theft as being a more immediate requirement. According to the report, this should be supported by a strong anti-phishing policy, continuous internet monitoring to identify phishing activity and better internal protection. In particular, with criminal gangs planting and grooming company 'moles', the need to secure customer databases from internal attack is becoming increasingly important.
Andrew Wilson of the Information Security Forum said phishing gangs are starting to turn their attentions away from the U.S. And other English-speaking countries.
"We believe that email phishing will move away from English-speaking regions to Asia, China and the Middle East, to be replaced by a surge in sophisticated and well-organized trojan attacks," said Wilson.
"Often, the first time an organization knows that it is under attack is when customers notice money missing from their accounts, so it will become vital to put early warning mechanisms in place. These can include closely monitoring customer complaints and feedback for signs of attack, regular checking of web sites for the unauthorized use of logos and brand names and open-source intelligence gathering for indications of planned attacks."
Wilson added that improving user awareness of internet risks is "key to fighting online fraud, but in a manner that does not risk losing customer-confidence in e-commerce and online banking."
Last week, SC Magazine reported on phishers targeting hapless AOL users in an attempt to steal personal information and credit card details.