The Business Email Compromise (BEC) epidemic shows no signs of abating, after Proofpoint revealed a 17% increase in attacks last year.

The security vendor analyzed over 160 billion emails sent to more than 2400 companies spanning 150 countries to compile its 2017 Email Fraud Threat Report.

It revealed that by the fourth quarter, nearly 89% of all organizations were targeted by at least one attack — a major jump from the 75% targeted in Q4 2016.

Proofpoint claimed that attacks are typically low in volume but expanding within organizations to target more people across more units, and spoofing more identities.

The average number targeted in each organization was 13.

Most attacks are designed with wire transfer fraud in mind, with almost a third of emails containing the word “payment” in the subject line. Scams also coincided with the US tax deadline in Q1.

“To sound legitimate, the attackers manipulate the tone of their email copy. They take on different personalities, including ‘the authoritarian’ who uses a direct and urgent approach, or ‘the conversationalist’ who builds a dialogue before asking for the request,” Proofpoint explained.

“We also saw an increase in the number of ‘fake email chain’ messages, where the attacker will create a false email history to give a realistic experience and appear more credible. By Q4, more than 11% of all email fraud attacks included a variation of this tactic.”

The good news is that government agencies in the US and UK are implementing DMARC to help reduce email fraud. However, Proofpoint warned that fraudsters also use display name spoofing and lookalike domain spoofing to bypass fraud filters, meaning a multi-layered response is essential to mitigate risk.

In May 2017, the FBI issued a notice claiming that BEC scams had cost businesses an estimated $5bn over the previous three years, with losses rising 2370% from January 2015 to December 2016 alone.