Phishing line hooks more and more victims

Phishing attacks have increased in quantity and quality over the past two months, according to research published by the Anti-Phishing Working Group on Monday.

Phishing is an internet scam in which unsuspecting users receive official-looking emails that attempt to fool them into disclosing online passwords, user names and other personal information such as bank details.

Victims are usually persuaded to click on a link in an email that directs them to a doctored version of an organisation's website. The APWG was formed in November 2003 to provide a forum for financial institutions and other organisations to share information about phishing attacks.

The APWG's Phishing Attack Trends Report compares the level of phishing activity recorded by the organisation's members on a monthly basis. According to the latest report, February saw 282 new phishing attacks, an increase of 60 per cent compared to January and a 163 percent increase over December 2003. There were an average of 10 new attacks reported every day, but the third week of February was the busiest, with an average of 12.5 attacks reported each day.

The financial services sector continues top be the most frequently targeted industry sector, and eBay remains the phisher's favourite individual target.

Dave Jevans, chairman of the APWG and a senior executive at internet messaging firm Tumbleweed, said phishing attacks are getting more common and more complex: "We are seeing more use of Javascript, pop-ups and cross-site scripting techniques to fool even sophisticated users. At stake is our very trust that the internet can be relied upon for safe and secure commerce and communications," he said in a statement.

The report said that between one and five per cent of recipients responded to recent attacks, which look increasingly official and so are harder to detect.

Munir Kotadia writes for ZDNet UK