Phishing attacks are increasingly using key-loggers as another method to steal personal information, according to the Anti-Phishing Working Group (APWG).

These attacks usually redirect users to a bogus website and record details once they are entered. But the past six months has seen a tenfold rise in the number of phishing sites hosting key-logging software which can be transferred to a user's PC via an improperly patched browser.

"Phishing techniques are evolving in sophistication and complexity at a rapid pace," warned Mark Murtagh, technical director at Websense, a member of the APWG.

"As awareness of phishing among web users has grown, fraudsters are using new attack methods in addition to fake websites.

"One of the most common forms is where malicious code modifies host files and points end users to a fraudulent site despite them having typed the correct URL into their browser."

At the end of last year there were only 10 phishing sites being found each week hosting such code, but by March this had risen to 100. Some web pages remained up for over a month, but the average time to take down a phishing site was 5.8 days.

The move to key-loggers could reflect growing security awareness among consumers regarding online commerce.

Banks have always told customers that they do not ask for personal information via email, and are working with police and the government on other ways to fix the problem.