The group is reporting 154 banks, financial companies, electronic retailers, or other organizations had their brands hijacked through phishing in July 2006 – a new record. They also report to have found 23,670 total phishing websites used to commit identity theft, fraud and other malicious activity in July 2006. This number is second only to the record 28,571 phishing sites found in June 2006, and is nearly double the 14,135 phishing sites found in July 2005. A number of phishing websites are in fact legitimate servers that were compromised through software vulnerabilities, exploited by hackers and covertly turned into illegal phishing sites – making the hackers more difficult to track.