Apacs, said there were 20,682 “phishing” frauds involving banks and building societies reported in the first six months of the year, against 7,224 a year earlier.

Communications Director Sandra Quinn said: “We strongly urge banking customers to make sure they remain wary of online scams such as unsolicited emails claiming to be from their bank, and to only use a fully protected PC with regularly updated anti-virus software and a firewall installed and switched on.”

Phishing frauds involve fraudsters sending out bogus e-mails to people, claiming to come from their banks, and inviting them to click on a link to a fake bank website. The aim is to lure the bank customers into revealing their pin numbers and other bank account details.

Despite the rapid rise in phishing scams, Apacs said that overall losses through online banking fraud fell to £22.6m in 2007 from £33.5m in 2006, representing a 33 per cent decline.

Laudanski, a former volunteer firefighter, announced the move on Castlecops.com last week, saying that he’s looking to find someone else to run the site that he founded in 2002.

He said in a statement: “I won’t be able to ensure the same kind of support that I was able to provide in the past. I won’t be able to do it justice.”

The alleged ring aimed to bilk thousands of unwitting consumers and hundreds of financial institutions, according to indictments unsealed in Los Angeles and New Haven, Conn. More than half of those charged are Romanian, although authorities say the scam was being carried out in Canada, the United States, Portugal and Pakistan.

Federal authorities said the phishers participated in a trans-Atlantic scheme that targeted large number of individuals and financial institution.

Data entered by unwary users into a fraudulent website was used to create counterfeit bank cards, which were then used to siphon money from compromised accounts. A percentage of the proceeds were allegedly sent onto Romania while the rest was kept by their US accomplices. Fraudulent transactions were made in Canada, Pakistan, Portugal and Romania.

The Computerworld report says that users began receiving spam email messages on Monday telling them that they must correct a problem with their iTunes account; however, the link leads to a third-party site masquerading as an iTunes billing update page:

“that phony page asks for information including credit card number and security code, Social Security number and mother’s maiden name,” the report noted.

News of the phishing attempt comes by way of e-mail security firm Proofpoint, Inc. “We’ve gotten used to seeing the usual companies and brands attacked, like PayPal, eBay and Citibank. But we’ve never seen Apple as the target,”

Proofpoint’s Andrew Lochart said. “It’s probably indicative that the bad guys see Apple’s online presence as large enough to be a target. It’s part and parcel of the success that Apple has enjoyed lately.”

The phishing messages claim that the fastest way to receive one’s economic stimulus tax rebate is through direct deposit.

They include a Web link to an online submission form designed to steal submitted information from those fooled into believing that providing personal data will hasten the arrival of their tax rebate.

It tries to get you to sign up for direct deposit by clicking a link that connects you to a site that looks almost identical to the IRS’s. But it’s not. Like any phishing e-mail, the senders are just looking to steal your Social Security number and bank account information.

This type of targeted e-mail attack, called “spear-phishing,” is a variation on the more common “phishing” attack. Both attacks use fake e-mail messages to try to lure victims to malicious Web sites, but with spear-phishing the attackers try to make their messages more believable by including information tailored to the victim.

The email is an official looking subpoena via email requesting the recipient to appear in front of a grand jury. It had may have the recipient’s name, phone number, company, and correct email address included in the message. Even the URL looks legitimate at first glance. This is not a legitimate message and should not be released from the end user’s quarantine.

Attacks of this sort often last no more than a week. They target executives to gain access to their bank accounts, which typically have a significant amount of money. “It’s a very quick hit,” he said, noting that he has seen similar attacks result in bank account losses that range from $100,000 to $1 million in aggregate.

Michael Barrett, Chief Information Security Officer at PayPal, says phishing is not an unsolvable problem. He and colleague Dan Levy have written a white paper called “A Practical Approach to Managing Phishing” that was published on Thursday in conjunction with the RSA security conference.

Scores of PayPal customers were inundated daily with fake emails attempting to lure them to fake websites, where they’d be duped out of their personal information – possibly their very identities.

“We know we’re always going to be an attractive target for criminals. But what I don’t want is PayPal to be protected and the rest of the industry not. Phishing could be solved, there’s no need for it to happen,” PayPal chief info security officer said at a security conference recently.

The Trojan, known as TFactory, is a well-known piece of code that has been used by criminals for more than a year, PC World reported Saturday. The attack is not widespread and security companyMcAfee ( News – Alert) has observed it only on Web sites like MySpace, PC world said, citing information from McAfee security research manager Dave Marcus.

The infiltrated MySpace profile is still live at the time of writing, but both MySpace and Microsoft have both been notified. McAfee have warned MySpace users to beware of friend requests from people they don’t know and be careful when browsing MySpace profiles.

Hackers were able to launch this attack because they either discovered a flaw in the MySpace code or found a way of taking over user accounts, Marcus said. “Our best guess is [the owner of the one MySpace profile] just got their password and user name phished,” he said.

In a note to customers, Salesforce said that online criminals have been sending customers fake invoices and, starting just a few days ago, viruses and key logging software. The e-mails were sent using information that was illegally obtained from Salesforce.com.

The San Francisco-based firm, which has offices in Europe, Latin America, Japan and Australia, insisted that the embarrassing incident had not originated from an application or database “security flaw” at Salesforce.

It said that confidential details leaked via the scam included “first and last names, company names, email addresses, telephone numbers of salesforce.com customers, and related administrative data belonging to salesforce.com”.

In addition, “a few days ago, a new wave of phishing attempts that included attached malware — software that secretly installs viruses or key loggers — appeared and seemed to be targeted at a broader group of customers,” the company disclosed in the notice.

“That’s why we warned our system administrators last week of this new, more malicious phish and why we are sending this letter now with the goal of increasing awareness.”