An interesting blog on cyber-knowledge.net details how the
author obtained 20,000 MySpace login combos (email/password) via somebody
elses phisihing attempts. He then went
on to analyze the email addresses in order to build up a profile of your
average phished userneedless to say AOL, Hotmail and Yahoo came top of the
list (although one would expect those to be the most heavily spammed domains
too). When it came to analysing the
passwords there were of course people who entered password and abc123 but
on the whole they werent too bad; a clear majority of the passwords were 6characters or more with 65% including numbers.
Take a look at the blog for a full analysis.