Something's phishy

"Bank robbery with an electronic twist" is how the Wall Street Journal's Jeremy Wagstaff describes the current threat posed by phishing scams as spammers, virus writers and con artists cooperate to steal access to victim's online accounts:

Security consultants and law-enforcement officers say members of the three groups have joined to steal hundreds of thousands, possibly millions, of dollars using a scam known as "phishing" -- the art of duping computer users into revealing their passwords and other private data.

The Anti-Phishing Working Group, a U.S. industry association, counted 1,125 such attacks in April, up 180% over March. MessageLabs, a U.S. e-mail security company, reported an 800-fold increase in such attacks in the past six months. "This is a huge increase," says Dan Maier of the Anti-Phising Working Group. "Each unique attack sends out anywhere from 50,000 to 10 million spam/phishing e-mails."

But while most attention has focused on e-mails that try to lure the unwary by imitating respected financial institutions, the "phishing" scam -- pronounced "fishing," and named for its technique of luring prey with convincing bait -- has already mutated into something more dangerous, security experts say. Such attacks now sometimes include code that hides on a user's computer to capture log-in names and passwords, which means even careful computer users could have their information stolen.

One recent attack was able to take snapshots of a user's screen when they logged onto their banking Web site, security experts said.