The Anti-phishing Working Group released the February Phishing Trends report last week, which showed an alarming rise in the prevalence of the latest online security threat.

In February 2005, there were 13,141 new, unique phishing email messages reported. This is an increase of 2% over the number of unique reports for January, despite February being a shorter month. The average monthly growth rate since July 2004 (2,625) is 28%.

The number of phishing websites supporting these attacks also held steady, rising 1.8% from 2578 to 2625 in the month of February.

In addition, phishing without a lure is now becoming more prevalent among attack styles. The most common is malicious code which either modifies your hosts file to point commonly accessed sites to the fraudulent site (Pharming) and malicious code that logs your keystrokes based upon a set of predetermined URLs that are accessed (keylogging).

DNS cache poisoning is also an alternative means that can be used to resolve information to non-legitimate pharming web sites.

Security vendor Websense Security Labs reports that a large number of small ecommerce sites and regional banks have become victims of phishing attacks.

Additional Highlights of the report include:

* Number of active phishing sites reported in February: 2625

* Average monthly growth rate in phishing sites July through February: 28%

* Number of brands hijacked by phishing campaigns in February: 64

* Number of brands comprising the top 80% of phishing campaigns in February: 6

* Country hosting the most phishing websites in February: United States

* Contain some form of target name in URL: 26%

* No hostname just IP address: 48%

* Percentage of sites not using port 80: 8.85%

* Average time online for site: 5.7 days

* Longest time online for site: 30 days

The full report is available at:

http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf.