IBM researchers aren't sure why phishing has waned, though the last May likely helped, says Tom Cross, a researcher at IBM. Cross says it may be that phishing isn't paying enough and that attackers are shifting their attention to something "more lucrative, such as ATM skimming."

REPORT:

Financial institutions and their customers remained the target of phishing attacks over half the time, according to the report. Other specific attack targets included auctions, online payments and .

The most popular subject line in a phishing attack, seen about 9% of the time, is " Alert -- Verification of Your Current Details." One of the weirdest, seen in 3% of attacks: "Welcome to Very Best Baking!" -- the typo makes the email look like an advertisement for a bakery.

The top countries or origin for phishing URLs are at 18.8%, the United States at 14.6%, China at 11.3%, South Korea at 9.8% and the United Kingdom at 7.2%.