The report also found that, for enterprises, the most-often attacked vertical was healthcare/pharmaceuticals, displacing the insurance vertical which had held the top spot for the last two years. Energy/utilities came in third, a slot it has held for the last three years, the KnowBe4 report said. Other often-attacked verticals were banking, consulting, financial services, and retail/wholesale.

The report noted that little has changed in the key phishing strategies of claiming a false urgency and trying to manipulate user emotions. “Their strategies often exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments,” a statement from KnowBe4 said. “These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email, and have the potential to impact an employee’s personal life and professional workday.”

Although the time-honored phishing mechanism of including malware-delivering URLs to click or attachments to open still dominates, the vendor said QR codes are increasingly being used.