Phishing attacks are spiralling, with criminals using increasingly sophisticated techniques to compromise users’ systems.
The industry-backed Anti-Phishing Working Group (APWG) received reports of 12,845 new phishing e-mail messages during January, a 42% increase on December.
There has now been 30% average monthly growth in phishing since last July, when the APWG had reports of 2,625 unique phishing e-mails.
Phishing is a type of fraud in which criminals send users e-mails purporting to be from brand-name companies with a web link supposedly leading to a trusted website.
Once entering the site, users will be asked to reveal sensitive information, such as passwords for online banking accounts.
Financial services companies remain the prime targets for phishing scams, with 80% of such e-mails sent to potential online financial services users.
Many e-mails are sent to users who don’t even have an online banking or financial services account.
The UK remains outside the top 10 hosting nations for phishing scams. The US is still the top phishing country, hosting 32% of attacks.
According to the APWG, January saw an increase in "blended" phishing attacks, combining links to rogue sites, worms, viruses and spyware to log users’ keystrokes.
The APWG said, "Password-stealing trojans are not just coming through e-mail. We have seen multiple attacks through Microsoft MSN Messenger instant messaging, where trojan horses and password-stealing keyloggers are run."
The APWG reported that vulnerabilities in unpatched browsers were also an increasing problem. The open source Mozilla Foundation patched its own Firefox browser against one such vulnerability earlier this week.