According to the FBI, spear-phishers have netted some $2.3bn since 2013 in a variety of semi-sophisticated, global email frauds.
Typically, they involve spoofed email addresses from the CEO or some other senior figure in an organisation, with instructions for cash to be transferred to accounts in places like China, Hong Kong or anywhere else that the money can be quickly and easily spirited away and laundered.
They also have a reasonably plausible cover story to accompany it, and some urgent reason for secrecy as well, of course. And when an apparently senior figure demands that something be done, people are a lot less likely to question it.
Fake invoice fraud isn't new, but the sheer scale of email spear-phishing - involving millions of pounds, dollars or euros rather than mere tens or hundreds - not to mention the ease with which the perpetrators can hide, makes it much harder to combat.
While very few of these $2.3bn in frauds are ever widely publicised, here are the biggest frauds that we do know of - so far. With billions up for grabs, 2017 will almost certainly see even more companies ensnared.
5. Scoular, $17.2m (£13.6m)
You'd expect the chaps at a commodities trading company, one of the largest private companies in the US, to be smart enough to spot a blatant fraud when it dropped into their email in-trays, but apparently not.
Yet the $17.2m email fraud at Scoular, a 124-year-old grain trading and storage company, wasn't a random affair or part of a wide-scale phishing spam-out, but a highly targeted, spear-phishing attack.
Aimed at Keith McMurtry, corporate controller of Scoular, the email purported to come from the CEO of the company, ordering him to wire the money to an offshore bank account, lickety-split. Apparently, the top-secret email revealed that the company was in talks to acquire a Chinese company and a KPMG lawyer would provide all the details required to wire the money to a bank account in China.
"We need the company to be funded properly and to show sufficient strength toward the Chinese. Keith, I will not forget your professionalism in this deal, and I will show you my appreciation very shortly," suggested the email, re-published by the FT.
In a series of three transactions, McMurtry did as he was told, wiring the money to an account in the name of Dadi Co at Shanghai Pudong Development Bank.
Of course, the emails were all fraudulent, spoofed to look like they came from the CEO, and even had the name of a bona fide partner at KPMG - together with fake contact email and phone numbers.
When the FBI investigated, they traced the phoney email account from Elsea to Germany, linked the KPMG email account to a server in Moscow, and traced the phone numbers to a Skype account registered in Israel.
Dadi, the genuine Chinese company to whom the funds were transferred, manufactures boots, according to the FT. Officials there swore blind that the payments were part of a legitimate contract for army boots. When the FBI obtained a court order to seize the funds held at the Chinese bank, it was told that the account had been closed and the funds transferred.