March 9, 2004 -- (WEB HOST INDUSTRY REVIEW) -- Research and analysis firm Netcraft (netcraft.com) reported on Monday that in a recent trend, Internet "phishing" scams are incorporating the use of SSL certificates in their efforts to trick Internet users into divulging sensitive financial information.
Phishing attacks involve the mass distribution of "spoofed" or forged email messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies, but are designed to lead recipients towards fraudulent Web sites and trick them into disclosing sensitive personal data such as account usernames, passwords, credit card numbers and social security numbers.
Phishing scam perpetrators have reportedly set up bogus pages that display the "padlock" icon, which indicates a secure SSL connection, in an attempt to mislead users and create the appearance of credibility. The report, which cited SANS Institute's Internet Storm Center, warned, however, that the lock alone cannot show whether a Web site is real or fake. While the session is encrypted, it is not possible to ensure the organization is legitimate.
The report said that the emerging trend bears scrutiny as several consumer groups have encouraged users to look for the presence of an SSL certificate. Netcraft cited the US Federal Trade Commission, which advises consumers to look for the "padlock" icon, which appears in the browser status bar.
Another technique being used in an attempt to defraud customers is "visual spoofing," Netcraft said. In this method, scammers present the "padlock" on their pages and alter the appearance of the Web browser in an effort to prevent the user from detecting the fraud.
Netcraft reported that a recent scam targeting Earthlink users focused on some of the limitations of SSL certificates.