Bad actors are imitating high-level executives in the shipping industry to launch BEC attacks that could lead to credential theft or worse – system compromise.
A business email compromise campaign cost the Save the Children Federation $1 million.
The report also found that simply protecting employees in sensitive departments is not sufficient to protect against BEC.
Hardest hit were organizations using Office 365, with incidents costing more than $2 million each.
The operation also resulted in the seizure of nearly $2.4 million and the recovery of about $14 million in fraudulent wire transfers, said the FBI.
Tech-support scams took off during the year, while whaling/business email compromise was the main threat, accounting for losses of more than $675 million.
Researchers have identified a hacking group behind several widescale maritime shipping industry business email compromise (BEC) attacks since June.
Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.