According to data collected by Microsoft, phishing emails accounted for 0.62 percent of all inbox receipts in September 2019.

That’s up from 0.31 percent just one year prior to that.

The increase is alarming of course, but at first glance, these look like fairly harmless numbers.

Unfortunately, last year, phishing emails targeting business owners (BEC, or Business Email Compromise) cost companies around the world more than a billion dollars last year.  That fact makes the year over year increase terrifying.

The reason BEC campaigns are so successful and so expensive for businesses is that the scammers tend to impersonate CEOs and other high-ranking corporate officials.  When you get an email that by all outward appearances comes from your boss, and it’s marked urgent, you tend to respond right away.  That’s exactly what the scammers are counting on.

Even worse, scammers have gotten increasingly good at crafting their emails.  It has reached the point that even IT professionals have been taken in by them in some cases. They’ve been unable to spot the subtle differences between a scammer’s email impersonating a CEO and an email from the CEO himself.  If an IT professional gets taken in, what hope is there for a busy HR employee or someone from the accounting office who doesn’t face those types of threats on a daily basis?

Given the rapid increase in the number of well-crafted phishing emails, this is a serious, legitimate concern. Unfortunately, bolstered by their own success, you can bet the scammers will be even more prolific.

If there’s a silver lining here it is this:  Microsoft reports that taking the simple step of enabling two-factor authentication across the board is an effective countermeasure.  Phishing attacks tend to be automated, and 2FA blocks 99.9 percent of automated attacks. If you’re not currently using it everywhere, you’re putting yourself at unnecessary risk.