The report also found that simply protecting employees in sensitive departments is not sufficient to protect against BEC.
Hardest hit were organizations using Office 365, with incidents costing more than $2 million each.
The operation also resulted in the seizure of nearly $2.4 million and the recovery of about $14 million in fraudulent wire transfers, said the FBI.
Tech-support scams took off during the year, while whaling/business email compromise was the main threat, accounting for losses of more than $675 million.
Researchers have identified a hacking group behind several widescale maritime shipping industry business email compromise (BEC) attacks since June.
Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.