The AFCC detects, monitors, tracks and shuts down phishing, pharming and Trojan attacks for more than 250 organizations worldwide, and has recorded more than 60,000 site takedowns, the company said. It also participates in global anti-cyberfraud networks.

RSA Security, whose client base includes financial institutions and other e-commerce entities serving millions of end users, attributes the sharp rise in December phishing attacks to the Rock Phish group, which has been active for months and by some accounts is responsible for half the phishing attacks worldwide. The report also notes the emergence of other groups using similar methods.

"These attacks show some similarities to Rock Phish attacks but are hosted on completely different networks and do not demonstrate any known Rock signatures," RSA Security said in the report.

"Their magnitude and impact are far lower than Rock's, but they do exemplify some advanced phishing techniques and show that other groups are starting to adopt some of the Rock Phish methodologies," the company said.

Proxy servers that deliver the phishing content without direct communication between the victims and the actual phishing site are one similarity, RSA Security said.

The company said it has been successful in tracing at least one of the "mother ship" servers used by the new phishing groups to receive stolen personal data from the proxy servers.

"Phishing content against several institutions was hosted on this server and was delivered to the victims via the proxy servers," RSA Security said. "Information regarding this server was shared with law enforcement."

The proxy attacks are harder to shut down at the Internet server provider level, because the IP addresses change and the host server cannot be determined.

The RSA Security command center instead takes down those domains at the registrar level.

"De-listing the domains ensures that the attacks are taken down regardless of the servers on which they are physically hosted," the company said.

–[email protected]