Phishing is an Internet scam in which unsuspecting users receive official-looking e-mails that attempt to fool them into disclosing online passwords, user names and other personal information. Victims are usually persuaded to click on a link that directs them to a doctored version of an organization's Web site.
MessageLabs, which monitors corporate e-mail traffic, said Monday that in September 2003 the company encountered just 279 phishing e-mails. In January 2004, this figure reached 337,050 and then dropped back to 215,643 by March. The company said it is impossible to estimate exactly how many people have been fooled by the phishers.
The Anti-Phishing Working Group (APWG), which was formed in November 2003 to provide a forum for financial institutions to share information about new phishing campaigns, recently warned its members about an attack that can modify the victim's browser by replacing the address bar with a Java applet. This allows the attacker to take the victim to any Web site but display the address of an official Web site in the browser's window, increasing the chances of fooling people.
Munir Kotadia of ZDNet UK reported from London.