Transition from AOL to financial institutions
Capture of AOL account information may have led phishers to misuse credit card information, which then evolved into attacks against online payment systems. The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a « post-911 id check » shortly after the September 11 attacks on the World Trade Center. Both were viewed at the time as failures, but can now be seen as early experiments towards more fruitful attacks against mainstream banks. By 2004, phishing was recognized as fully industrialized, in the sense of an economy of crime: specializations emerged on a global scale and provided components for cash which were assembled into a finished attack.
 Recent phishing attempts
A chart showing the increase in phishing reports from October 2004 to June 2005.
More recent phishing attempts have targeted the customers of banks and online payment services. E-mails supposedly from the Internal Revenue Service have also been used to glean sensitive data from U.S. taxpayers. While the first such examples were sent indiscriminately in the hope of finding a customer of a given bank or service, recent research has shown that phishers may in principle be able to establish what bank a potential victim has a relationship with, and then send an appropriate spoofed email to this victim. Targeted versions of phishing have been termed spear phishing. Social networking sites are also a target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks
Source : wikipedia