Products & Releases

Phishing Attacks Drop Year-Over-Year, Report Says

Overall phishing attacks decrease as attacks by Avalanche group shift to malware distribution
TACOMA, Washington – August 18, 2010 – IID (Internet Identity), a provider of technology and services that help organizations secure Internet presence, today released its Second Quarter Phishing Trends Report ( that revealed phishing attacks dropped in the second quarter of 2010 year-over-year. According to IID, phishing attacks were down 10 percent from April to June 2010 compared to the second quarter of 2009. Despite this drop, phishing attacks targeting e-commerce, gaming, web services and social networking sites significantly increased.

Detailed findings of IID's fifth quarterly phishing report include:

• Phishing attacks by Avalanche, one of the most prolific cyber criminal gangs (responsible for two-thirds of the world's phishing attacks in the second half of 2009), have essentially disappeared. However, it has turned to distributing Zeus malware which is capable of hijacking computers, then stealing banking, social networking and email account logins, and making that information available as part of a criminal network. • Non-Avalanche phishing attacks increased 12 percent year-over-year, filling much of the void left by the disappearance of Avalanche phish. • Traditional bank phishing continues to comprise about 50 percent of overall phishing. However, that is down from almost 60 percent in Q2 2009. • The U.S. increased its share while retaining the top spot for overall phish hosting volume; Canada jumped from seventh to second. • Domain Name System (DNS) hijackings continued to proliferate, as several major brands were taken over in Israel.

"While significant strides have been made in fighting phishing, cyber criminals are continuing to invent new methods for their attacks. This has become apparent with the most prolific phishers we've ever tracked now concentrating almost solely on distribution of Zeus malware – with great effect," said IID President and CTO Rod Rasmussen. "However, it's imperative that organizations keep their phishing guard up in the coming months, because we've seen plenty of new phishing campaigns launched against an even wider range of target organizations."

In 1997, IID discovered and disabled a phishing attack against AOL long before phishing became such a publicized problem. Since then, the company has been helping protect both company brands and consumer pocketbooks against such assaults. IID security experts and analysts from the world's leading security and Internet infrastructure organizations like ICANN and APWG contributed data and background for the IID 2010 Second Quarter Phishing Trends Report. It can be found in its entirety at

About IID IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry's first and only solution for detecting, diagnosing and mitigating domain name system (DNS) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malware and brand security solutions for many of today's leading financial service firms, e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at