With all the frustration, anger and effort put into stopping the Nigerian 419 scams and others of that nature, it seems to be a common misconception that most phishing occurs in poor areas of the world. On the contrary, it seems most malicious activities on the net around the world originate in the
United States. Symantec is touting a figure of 31% as the percentage of attacks in the U.S. Worldwide, with China and Germany in second at 10% and 7%. Beyond that, the U.S. has the most malicious servers as well:
The company also found that 51 percent of all known servers used by attackers to buy or sell stolen personal information, such as credit card or bank account numbers, are located in the U.S.
Why the U.S., which has strict laws governing crimes of that nature? While it may be easier to get away with those crimes in emerging countries, the U.S. may be an ample place to launch these attacks from due to the large number of available servers. Co-lo hosts are everywhere, and prices are (relatively) cheap. It still puts things into perspective, though, when most effort seems to be going in to taking down phishing rings in other parts of the world.