although the smart phishers are now moving away from relying entirely on human stupidity. We are seeing far more Trojan based attacks - still very easy to infect millions of Winblows PCs and all an attacker needs to do is either key log or alter your browser to log in to 'badsite.com' (tm) and pretend you are at 'yourbank.com'

And although some banks are going down the route of using SecurID or similar we have already seen successful attacks against them (even though the attack window has been reduced to 30 seconds from days!)

Fun times ahead - a good time to be an infosec professional. I know I need more people in my team...anyone interested?