The shift may serve as a harbinger, raising the question of whether phishing will eventually become passé -- despite the current rise in phishing incidents.
"Over time, as banks get a better grip on fighting conventional phishing that uses social engineering, phishers will be forced to find other vectors of attack," Peter Cassidy, secretary general for the antiphishing group, said on Wednesday.
Within a couple of years, he said, conventional phishing could become obsolete. "It could be even faster. Events have always eclipsed our expectations," Cassidy said.
Conventional phishing campaigns reported to the group rose less than half a percent to 15,050 in June over the previous month, according to the group. But pharming attacks climbed 6 percent to 526 cases in the same period and crimeware cases soared 95 percent to 154, according to the group.
Phishing involves criminals sending out bogus e-mails in the hope that people are fooled into sharing personal information such as bank account passwords and credit card information.
In pharming attacks, people are redirected to a bogus Web site that looks legitimate. Once the victims are redirected to the bogus site, keyloggers are downloaded to steal information from the person or to dupe them into disclosing personal data.
With the rapid rise in crimeware, which is spyware designed to steal identities rather than just monitor online behaviour, the group this month launched "Project Crimeware."
The project will investigate malicious software that steals consumer, government and corporate access credentials with the aim of launching attacks, stealing identities or engaging in financial fraud.
The antiphishing group's "belief is that conventional phishing via social engineering schemes will be eclipsed by advanced, automated crimeware based on keyloggers, redirectors and session hijacking technologies," David Jevans, the group's chairman, said in a statement.
Too little, too late for many unsuspecting surfers who are not even aware the group exists - without any advertising to even tell the public to be careful using internet cafes, let alone via ISP's who have denied this all along