The volume of phishing attacks dropped in 2010 to less than a quarter of what was seen in the previous two years, according to IBM's annual research report on threats and risks. There was still plenty of spam, however.

IBM researchers aren't sure why phishing has waned, though the apprehension of a major Romanian phishing gang last May likely helped, says Tom Cross, a researcher at IBM. Cross says it may be that phishing isn't paying enough and that attackers are shifting their attention to something "more lucrative, such as ATM skimming".

Financial institutions and their customers remained the target of phishing attacks over half the time, according to the report. Other specific attack targets included auctions, online payments and government organisations.

The most popular subject line in a phishing attack, seen about nine percent of the time, is "Security Alert - Verification of Your Current Details." One of the weirdest, seen in 3 percent of attacks: "Welcome to Very Best Baking!" - the typo makes the email look like an advertisement for a bakery.

The top countries or origin for phishing URLs are Romania at 18.8 percent, the US at 14.6 percent, China at 11.3 percent, South Korea at 9.8 percent and the UK at 7.2 percent.

In tracing the origin of phishing emails, IBM research shows India is tops at 15.5 percent, Russia at 10.4 percent, Brazil at 7.6 percent, US at 7.5 percent and Ukraine at 6.3 percent. IBM notes that the same four phishing-originating countries still dominate, only their relative positions have shifted slightly in the annual ranking, with Ukraine being a newcomer to the 'top 10' phishing list for 2010.