After detecting the user’s browser, the spoof site removes the real address bar and replaces it with a convincing fake address bar built with JavaScript and frames at the top of the browser window. “You can even type in the bank’s web address directly into the fake Address bar,” the APWG said in its alert. “This is a live piece of JavaScript code, not a static fake Address bar image.” The spoofed page also displays fake code when a user right-clicks on the page; using the top menu displays the actual source.
Phishing attacks are increasing in frequency as well as sophistication. February was the busiest month yet with 282 e-mail attacks, a 60 percent rise from January’s record total, according to the latest data from the APWG. As was the case in January, the number of scams grew each week throughout the month, averaging more than 12 attacks per day by the third week of February. eBay was again the primary focus of phishing crews, being targeted by 104 campaigns, followed by Citibank (58) and PayPal (42).
Netcraft has developed a service to help banks and other financial organizations identify sites that may be attempting fraud, identity theft and phishing attacks by pretending to be the bank, or that imply a relationship with the bank when in fact there is none.