Criminal groups are using backdoors to computer systems left by viruses and worms to create networks of up to 1,000 PCs capable of launching simultaneous fraudulent e-mail campaigns, said the group.
The tactic led to a dramatic increase in the number of active phishing sites, which more than doubled from 540 in September to 1,140 in October.
"For the professional phishing groups, it is a big escalation. There are a small number of professional groups that have upped the game.
"Instead of having eight servers sending out an attack, we are seeing 1,000," said David Jevans, chairman of the Anti-phishing Working Group.
The escalation has prompted banks to take the problem more seriously after a period of denial, he said. More banks are signing up to commercial take-down services, which allow them to remove illegal phishing sites when they are discovered.
Computer Weekly revealed last week that banks are evaluating a range of defensive technologies including browser plug-ins to identify phishing e-mails.
But phishers are adopting increasingly sophisticated techniques to evade detection, the research has shown.
Phishers might use infected PCs to create up to 50 simultaneous phishing websites, hosted by different ISPs in different countries, said Jevans.
It can take up to a month to take down rogue sites, leaving bank customers exposed for a considerable period.
Phishing groups have also developed e-mails capable of evading anti-spam systems by sending messages in the form of an image rather than a text file.
Other organised groups are using malware to reprogram PCs to redirect requests to visit legitimate banking sites to fake websites hosted elsewhere.
And some sophisticated spam e-mails can direct customers to real banking sites while e-mailing their data to a fake site.
"You do not know when you have been phished and it is becoming a lot harder to detect," said Jevans.