Alarming Phishing Trends

Remember:NO REPUTABLE ORGANIZATION WILL EVER SEND YOU AN EMAIL THAT INVITES YOU CLICK A LINK TO IT.
A legitimate email will invite you to browse yourself to their website.  it will not provide a shortcut.
When you get such an email, block the sender.
The number of phishing Web sites skyrocketed in December, as did the number of sites designed to spread password-stealing badware, according to the most recent report from the Anti-Phishing Working Group.
The number of unique phishing sites jumped from 4,630 in November to 7,197 in December, a 55 percent increase. Online scam artists also targeted a wider range of companies in their phishing sites. One scam found at the end of 2005 targeted customers who shop at Wal-Mart's Web site, telling recipients that their accounts had been compromised.
Another notable phishing attack in December went out in an e-mail impersonating the Internal Revenue Service, linking to a bogus IRS site that claimed to offer recipients a way to check on the status of their tax refund. We've seen IRS phishing attacks before, and we are likely to see more of them in the weeks leading up to April 15.
December also brought a massive increase in phishing-based Trojan horse programs as well as keyloggers -- nasty programs designed to intercept sensitive information the victim enters into banking, e-commerce or Webmail accounts. According to the APWG, the number of Web sites using browser vulnerabilities to attempt keylogger installs exploded to at least 1,912 in December, up 83 percent from November.
That growth was spurred in large part by the discovery of two critical security flaws in Microsoft's Internet Explorer browser -- MS05-054 and MS06-001 -- that allowed malicious Web sites to install software on the visitor's computer. The APWG report said its members spotted hundreds of sites using exploits for those vulnerabilities to install keystroke-logging software.
By Brian Krebs