"This is one of the most sophisticated phishing attacks that we have yet detected," said Dave Jevans, chairman of the Anti-Phishing Working Group (APWG). "Because the fake Address bar remains installed even after you leave the phisher's site, there is a possibility that a phisher could use this technique to secretly track every web site that you visit."
The new technique targets Citibank, commencing with e-mails bearing the subject "Verify your E-mail with Citibank." The IP address for the spoofed page (http://188.8.131.52) is part of a block of addresses assigned to The Planet, a large hosting provider in Dallas, and was still active as of yesterday.
Phishing attacks are increasing in frequency as well as sophistication. February was the busiest month yet with 282 e-mail attacks, a 60 percent rise from January's record total, according to the latest data from the APWG. As was the case in January, the number of scams grew each week throughout the month, averaging more than 12 attacks per day by the third week of February. eBay was again the primary focus of phishing crews, being targeted by 104 campaigns, followed by Citibank (58) and PayPal (42).
Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.