A project against phishing, Phishtank, has released a report with the annual statistics on this issue. Phishtank has a community of self-proclaimed phish-fighters, who report websites they suspect to be partaking in the activity. The websites are then checked by Phishtank's experts to verify whether it is actually the case. A new effort Phishtank has started just recently in this loosing battle is informing ISPs via RSS of phishing sites hosted on their networks.
Some of the statistics are saddening, but most of them are expected: the number one host for phishers is the USA, accountable for around 30% of the world's amount. Inside the USA, the most popular ISP for phishers is SBC, which is far ahead of Comcast (28,000) and Roadrunner (25,000) with around 53,000 phishing sites.
A total of 300,000 websites were reported and 220,000 confirmed as the real thing, 70,000 went unverified. Out of the total number, 8,760 websites were misidentified, which indicates a few things. First of all, communication by way of email has been completely compromised, and even though some great incentives were made in this fight (such as the disappearance of eBay and PayPal scams, due to the fact that the latter both now use an encrypted signature, thus helping to automatically filter out fake emails), it will take quite a while to bring the reputation of email back up. Secondly, this indicates that phishing has managed not only to steal a hell-lot of money, but also to make users over-suspicious.