The Anti-Phishing Working Group is reporting that phishing attack frequency dropped 20% from late 2012 to early 2013.

Unique phishing attacks also continued the drop in the first quarter of 2013, falling 31% from January through March.

Phishing, a fraudster favorite, usually involves sending out mass emails aimed at inducing victims to visit a scamster website where they are asked to reveal personal details (such as financial account log ins).  This has long been a staple in online fraud.

According to the APWG, the drop in phishing is due to a drop in virtual server phishing attacks, where a criminal seizes control of a Web server that hosts many unique domains and then creates phishing pages for those domains.

This accordingly constituted mass attacks on domains. That there are fewer virtual server based phishing attacks does not necessarily mean criminals are having less luck breaking through those defenses.

“The drastic decrease likely indicates that cybercriminals are utilizing the servers they compromise not for phishing attacks, but rather for more malware or distributed denial of service attacks,” said Rod Rasmussen, CTO of Internet Identity, in an APWG press release.

Payment services constituted the most phished kind of business in Q1 2013, with roughly 45% of attacks.  Financial services placed second with 24% of attacks.

The full text of the APWG report is here.