The Anti-Phishing Working Group is reporting that phishingattack frequency dropped 20% from late 2012 to early 2013.

Unique phishing attacks also continued the drop in the firstquarter of 2013, falling 31% from January through March.

Phishing, a fraudster favorite, usually involves sending outmass emails aimed at inducing victims to visit a scamster websitewhere they are asked to reveal personal details (such as financialaccount log ins). This has long been a staple in onlinefraud.

According to the APWG, the drop in phishing is due to a drop in virtual serverphishing attacks, where a criminal seizes control of a Web serverthat hosts many unique domains and then creates phishing pages forthose domains.

This accordingly constituted mass attacks on domains. That thereare fewer virtual server based phishing attacks does notnecessarily mean criminals are having less luck breaking throughthose defenses.

“The drastic decrease likely indicates that cybercriminals areutilizing the servers they compromise not for phishingattacks, but rather for more malware or distributed denial ofservice attacks,” said Rod Rasmussen, CTO of Internet Identity, inan APWG press release.

Payment services constituted the most phished kind of businessin Q1 2013, with roughly 45% of attacks. Financial servicesplaced second with 24% of attacks.

The full text of the APWG report is here.