Internet fraud attacks against online banking customers have increased by 29 per cent with criminals using sophisticated viruses to steal information.
More than 1518 active phishing sites were reported in November with America hosting the most fake online bank sites, according to a report by the Anti-Phishing Working Group (APWG) and Websense.
But experts are concerned with the growing sophistication of identity theft as criminals switch from social engineering emails - which try to trick customers into giving out details - to malicious code which infects computers of unsuspecting users.
'Most of them wait for end-users to access known financial and ecommerce sites and then either replace the site with their own hosted version or capture the keystrokes of the end-user,' said Dan Hubbard, analyst at Websense.
'Keyloggers also have been part of many blended attacks and have spread through many recent highly publicised worms,' he said.
Some 51 online brands were hijacked during the period with online bank and retail sites being spoofed the most.
The APWG says advances in phishing malicious code are resulting from an increased interest by organised crime syndicates in online identity theft and fraud.
'We've already seen indications that phishers are already commanding automated distribution systems, apparently leveraging botnets, known as zombies,' said David Jevans, chairman of the APWG.
'Those resources, combined with conventional keylogging and other innovative malicious code is a threat scenario that could deliver more sophisticated attacks.'