Netcraft: Phishing Attacks Continue to Grow in Sophistication
http://tinyurl.com/vwmvw

"The Year in PhishingPhishing attacks are continually evolving, as fraudsters develop new strategies and quickly refine them in an effort to stay a step ahead of banking customers and the security community. Here are some of the phishing trends and innovations we noted in 2006"

• Plug and Play Phishing Networks
• Phlashing (Flash-based phishing sites)
• Two-factor Authentication: A July attack on Citibank demonstrated a technique that was able to defeat two-factor authentication tactics using a man-in-the-middle attack.
• Hacked Bank Sites
• Continued XSS (cross-site-scripting) Vulnerabilities
• MySpace Phishing

Read the article for more details. Is safe to do online banking? I know people who say "no". If someone hacks into your bank account and commits fraud, who bears the burden of proof? You or the bank? Probably you. Who limits your liability? Not the bank. Credit card companies limit customer liability to a reasonable minimum, but with online banking, there is no such protection. If you physically visit a bank office and fraud happens, at least there are records of who did what (video camera recordings, records of which bank teller was helping with the transaction, etc.) With online banking, most of those audit records don't exist.