Nearly 13,000 new phishing emails and more than 2,500 phishing websites were spotted last month, the Anti-Phishing Working Group (APWG) has reported.

Phishing uses emails designed to lure internet users to counterfeit websites which attempt to trick them into divulging personal financial data such as credit card numbers.

By hijacking the trusted brands of well known banks and online retailers, phishers are able to convince up to five per cent of surfers to respond and leave themselves open to identity theft and financial loss, the APWG warned.

Some 2,560 unique phishing sites were reported in January, a jump of 47 per cent over December (1,740) and more than double the number reported in October (1,186).

There were 12,845 unique phishing email messages reported, representing a “substantial increase” of 42 per cent over December’s figure.

Around 140 different brands have been hijacked since November 2003. The average phishing site will stay online for just 5.8 days, with the most long-lived lasting for 31 days.

The most targeted industry sector continues to be financial services, the APWG said, accounting for 80 per cent of all hijacked brands in January.

The US continues to be the top location for hosting phishing sites, at 32 per cent. Other top countries include China (13 per cent) and Korea (10 per cent).

The APWG said that malicious websites are also attempting to install password-stealing keyloggers, using several browser vulnerabilities to install and run code on PCs that access a website.

More here.