For some time now, phishers have been drifting away from their traditional practices and gravitating toward malware propagation, IID's Rasmussen said.
In a classic phishing scam, you receive an email from a trusted source -- a bank, for example -- that contains a link to a phony website emulating the source's. There, personal identifying information is cajoled out of you.
"That continues," Rasmussen said, "but what we're also seeing those same techniques being used to drive people to exploit sites."
"When you arrive there your browser gets hit withÃ'Â a series of exploits," he continued. "If it hasn't been patched, then your computer can get infected."
"That's upping the game a bit from the phisher's perspective," he added.
Sign up for CIO Asia eNewsletters.