By hijacking the trusted brands of well-known banks, online retailers, and credit card companies, "phishers" are able to convince recipients to provide personal information that has resulted in credit card fraud, identity theft, and financial loss. The information provided in this report is based on analyses of phishing attacks reported to the Anti-Phishing Work Group, an industry association whose membership is open to qualified financial institutions, online retailers, Internet Service Providers, the law enforcement community, and solutions providers. This report indicates that the number of active phishing sites reported in February 2005 was 2,625, and the average monthly growth rate for these sites during July through February was 26 percent. The number of brands hijacked by phishing campaigns in February was 64, and the number of brands composing the top 80 percent of phishing campaigns in February was 6. The United States was the country that hosted the most phishing Web sites in February. Twenty-six percent of the phishing attacks contained some form of target name in the URL. Forty-eight percent of the attacks had no host name, only the Internet Provider address. The percentage of sites that did not use port 80 was 8.85 percent. The average time online for the site was 5.7 days, and the longest time online for a site was 30 days. 7 figures