"At Cisco, we have also seen hybrid attacks, whereby the criminals have clearly infiltrated 'accounts payable' and have knowledge of invoice numbers, regular payments, realistic payment amounts, etc." he added.
This means their email requests are often appear legitimate, with just a change in payee account for example, which may be missed for whatever reason."
The nature of BEC means that technical solutions often aren't enough to protect a business, though there are measures, such as implementing two-factor authentication for fund transfer approvals, than can reduce the likelihood of an organisation falling victim.
"Awareness training is essential," Stitt said. "This needs to occur at all levels of business or within an organisation, from the CEO down, it needs to be tailored to the person or group based on their role or function. Regular testing of staff proficiency in recognising threats must also take place.
"Employees or users need to remain vigilant and analytical to requests for access, approvals, transfers and actions involving financial transfers or commitments."
"Emails, text messages and even phone calls need to be verified and treated as though they are suspect," he added.