Spams, Phishing, and Trojans

This Netcraft article titled "Phisher Kings" compares the growth of phishing with that of spamming (via Payments News).  It's not surprising to me since I think phishers who rely mostly on social engineering used to be spammers.  However, phishers using trojans, like the one described in this Code Fish Spam Watch article, are not.  They are hackers using e-mail to find their victims.

Using trojans to harvest passwords and credit card numbers is, fortunately, not as deadly as it might seem at first glance.  Why?  Because trojans require more technical knowledge, cost more to maintain, and demand more labor to mine the returned data.  It's all glory and little in return.

In comparison, phishers with a spamming background tend to focus on what really matters, the ROI numbers.  Instead of wasting days and weeks writing and fine-tuning trojans, they use a web page editor to create their lures and receive their loot in ready-to-use form.

There is a more dangerous group of potential phishers we need to keep an eye out for: telemarketers.  While most spammers operate blindly, telemarketers leverage information to choose and attack their victims more intelligently.  Phishers with a telemarketing background are more likely to be spear-phishers, phishers who target rich victims with tailored attacks.

When they come for you, they will know your name, where you live, what financial services you are using, and more.