More evidence that phishing attacks are a growing plague rained down Wednesday as mail-filtering vendor MessageLabs said it had detected an 800-fold increase in the number of phishing E-mails in the last six months.

Phishing scams use a combination of spoofed E-mail messages and fake Web sites to trick consumers into giving up personal financial data, such as credit-card and bank-account numbers, account user names and passwords, and other confidential information.

Typically, phishing attacks pose as E-mails from trusted senders, such as banks, credit-card companies, and online retailers, then direct the recipient to a bogus Web site--which can look nearly identical to the real thing--where they're asked to fill out forms to, for instance, maintain their account or validate their credit-card information.

In September 2003, MessageLabs tracked just 279 phishing E-mails. But by last month, that number had rocketed to 215,643, and was even higher-- 337,050--in January).

"In just six months, the number of phishing E-mails has increased exponentially--evidence that the number of individual scams has also risen dramatically," Mark Sunner, chief technology officer at MessageLabs, said in a statement.

On Tuesday, the Anti-Phishing Working Group, an organization dedicated to the elimination of phishing-style mailings, noted that the number of unique scams--as opposed to the raw numbers of actual E-mails that MessageLabs tracked--had climbed by 43% in March over the previous month.

In the United States, MessageLabs said, phishing messages have masqueraded as mail from Citibank, eBay, PayPal, Wachovia, Visa, and Bank of America, while in the United Kingdom. targets have included customers of Barclays, NatWest, and Lloyds.

Sunner urged businesses to protect themselves and their customers against phishing expeditions by implementing a fraud-protection service that monitors E-mail traffic (something MessageLabs provides), updating incident response procedures so that IT security teams can quickly contact the right law enforcement agencies, and regularly educating customers to remind them about what kind of information they'll be legitimately asked about via E-mail.