Impersonation and credential harvesting attacks are most common among phishing attackers this year, according to new research.

Avanan's 2021 Global Phish Cyber Attack Report finds credential harvesting is used in 54% of all phishing attacks and is up nearly 15% compared to 2019. Researchers also found 20.7% of all phishing attacks are business email compromise (BEC), and only 2.2% are extortion.

Analysis revealed the most targeted industries are IT, healthcare, and manufacturing. IT saw more than 9,000 phishing emails in a one-month span, out of an average of 376,914 total emails. Healthcare received more than 6,000 phishing emails, out of an average of 451,792 total emails; and manufacturing saw just under 6,000 phishing emails, out of an average of 331,184 total emails.

Impersonation is also a top technique among fraudsters. In 51.9% of all impersonation emails, criminals attempted to impersonate a non-executive in the organization. Non-executives are targeted 77% more often than C-level execs, researchers found. The most common tactic is using non-standard characters and limited sender reputation. Non-standard characters are used in 50.6% of phishing links and 84.3% of phishing emails do not have a significant historical reputation with the victim.

The full report can be found here.