A sixth man associated with the group, which is suspected of targeting Postbank online account holders, is said to be on the run.
More than 12 million people hold Postbank accounts. According to German news Web site Heise.de, phishers targeted a large number of Postbank customers in Trojan horse and phishing attacks earlier this year, attempting to steal passwords and login information.
The phishing attacks began in January this year.
"We are increasingly seeing organised criminals writing Trojan horses to monitor the activity of innocent computer users," said Graham Cluley, senior technology consultant for Sophos. "They wait for them to visit a legitimate banking Web site before stealing their essential login information."
Former White House cyber security advisors Richard Clarke and Howard Schmidt have called for banks to implement two-factor authentication, such as RSA's SecureID, in a bid to halt phishing attacks. Clarke added that online transactions cost half of one percent of a physical banking transaction. Microsoft has backed the call.
The Association of Payment and Clearing Houses (APACS) said that it was looking into using the technology, but had made no decisions yet.
Russian antivirus company Kaspersky Labs recently said that 90 percent of malware is created and sent by criminals looking to steal money.
