Spam levels jumped in May to 76.8 per cent of all emails sent globally, according to new monitoring data.

MessageLabs' latest Intelligence Report attributed this hike to a change of tactics in which spammers are moving away from a reliance on email attachments.

Spammers are instead moving towards the exploitation of free mainstream hosted services such as Google Docs, Google Calendar and Microsoft SkyDrive.

"The savvy and accurate cyber-criminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are exploiting free hosted applications which have become mainstream in 2008," said Mark Sunner, chief security analyst at MessageLabs.

"The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted.

"This is one more addition to the growing list of ways in which the spammers have succeeded in outsmarting traditional detection devices."

MessageLabs intercepted spam emails in May which contained links to spam contained in documents hosted on the Google Docs environment.

Traditional spam filters do not block links to the Google Docs domain, and spammers are using this to their advantage and even tracking their success through Google Analytics.

Spammers are also using Microsoft's SkyDrive shared file hosting service. Spam generated using this technique accounted for one per cent of all unsolicited mail in May.

In addition to the variety of new spam techniques, MessageLabs also identified several new phishing exploits this month, including one which preyed on a bank's environmentally conscious customers.

Using the Srizbi botnet to launch the attacks, the phishers took advantage of a 'Go Green' campaign run by Central Bank in Missouri to lure recipients into sharing their bank details in order to register for electronic statements.

Also in May, MessageLabs found evidence of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via HTTPS.

Closer inspection revealed that the attack was actually a standard HTTP link to a domain pretending to be the actual bank.