Cybercrime syndicates are expanding the base of brands they exploit for online fraud beyond major financial institutions and online merchants, according to a new report from the Anti-Phishing Working Group (APWG).

The number of hijacked brands reached a record 356 in October, up nearly 4.4 percent from the previous record of 341 in August 2009.

"No brand is safe from the threat of spoofing for the purposes of online fraud. Once, only the largest banks were targeted," said Peter Cassidy, APWG Secretary General.

"Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud scheme."

While the number of unique phishing reports submitted to the APWG in Q4 declined nearly 29 percent from a record high of 40,621 in August, dropping to 28,897 reports in December, the stats don’t reflect a more troubling trend. Member reports to APWG and research reviews in Q3 and Q4, reveal a significant increase in phishing focused on high value targets such as people in charge of finances.

"Spear-phishing and whale-phishing, where targeted individuals inside of corporations, or of high net worth, appears to be increasing," said Dave Jevans, APWG Chairman.

"Phishers and malware attackers are sending emails to individuals in a highly targeted fashion, attempting to gain access to corporate online banking systems, corporate VPN networks, and other online resources."

"These attacks do not contribute significantly to the overall number of unique phishing emails that are sent, as they are not using broad-based spam. Rather, the attackers customize their email messages to target individual users," Jevans said.