The number of new phishing attacks reported has risen by an average of 50 percent per month in the first six months of this year, according to the Anti-Phishing Working Group (APWG), which monitors such attacks.
Phishing attacks use spoofed e-mails and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers or account usernames and passwords, which can then be used for financial theft or identity theft.
Phishers launched 1,422 new attacks in June, up 19 percent on the 1,197 recorded in May and more than 12 times as high as the 116 attacks reported in December 2003, APWG reported on its Web site this week.
Most phishing attacks are aimed at customers of banks in the US, UK and Australia although online e-commerce companies such as eBay and PayPal are also targeted.
Citibank is the current favourite of phishing criminals, with 470 separate attacks made in June, compared to the 285 attacks aimed at eBay. Lloyds TSB Bank PLC was the main UK target with 24 attacks in June, and Westpac Banking Corporation of Australia was attacked 11 times.
The APWG has over 400 members including eight of the top 10 US banks, four of the top five U.S. ISPs (Internet service providers) and law enforcement bodies from Australia, Canada, the UK and US.
Internet security company Websense issued its own analysis of the APWG report Tuesday and found that the US had hosted the most phishing Web sites in June, at 27 percent of all sites, the average lifespan of each of a site being 2.25 days.
The company also said that twenty-five percent of phishing Web sites were hosted on hacked Web servers while 94 percent were configured to allow criminals to remotely download captured personal data.