Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" email attacks, according to researchers at Verisign.
Verisign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95 percent of the incidents.
Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake websites, spear-phishing emails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by Verisign, victims are tricked into visiting malicious websites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.
After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.