The losses stemming from CEO fraud within enterprises are dwarfing the damage caused by ransomware, according to Cisco.
In its mid-year cybersecurity report, citing data from the Internet Crime Complaint Center, Cisco claims that between October 2013 and December 2016 business email compromise (BEC) resulted in $5.3bn being stolen from businesses - equating to $1.7bn a year.
In comparison, ransomware exploits took $1bn from businesses in 2016.
Cisco said that, while ransomware is currently the highest-profile form of cyber fraud, businesses need to be more aware of the threat posed by cyber criminals looking to exploit them via email.
"Ransomware has been drawing much of the attention in the security world lately," the report said. "However, a threat that's not nearly as high-profile is raking in far more for its creators than ransomware.
"The risk intelligence provider Flashpoint, a Cisco partner, has studied the BEC problem and has determined that it's currently the most lucrative and profitable method to extract large amounts of money from a business.
"It's a deceptively easy attack vector that relies on social engineering to trigger the theft."
Broadly speaking, BEC campaigns involve cybercriminals posing as a company employee and asking someone within the organisation who has the authority to move funds to transfer money to an account - sometimes even going as far as impersonating the CEO.
BEC campaigns can target anything from small companies right up to large enterprises. Higher-profile examples include Facebook and Google - both of which found themselves entangled in a $100m scheme, after a man was arrested in April this year.
In the US alone 22,300 victims reported being hit by a BEC campaign, the report claimed.
Cisco claims that to combat BEC fraud organisations need to look at their internal business processes, rather than just cybersecurity solutions - particularly because the emails used in these scams don't contain any malware or malicious content that would be flagged by security software.
It also highlights employee awareness training as a key method of mitigating the risk of BEC scams, as well as having financial transactions authorised by a second employee within the organisation.
"As for threat tools, sender policy framework (SPF) defences can help block emails with spoofed addresses," the report said.
"However, organisations may be hesitant to turn on this feature because SPF can also block legitimate emails - such as marketing messages or newsletters - unless it is properly managed by IT.
"The bottom line is that organisations with an online presence - from giants like Facebook and Google to businesses with just a few dozen employees - are potential targets for BEC fraud.
"It's a low-cost, high-return approach for criminals, which means it will likely grow as a threat vector."
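The SPF caveat the report raises above can be seen in a small evaluator. This is an added example, not code from Cisco's report; it uses a constructed in-memory table in place of live DNS TXT lookups, with placeholder domains and documentation IP ranges, and handles only the ip4/ip6, include and all mechanisms.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: no live DNS in this example).
# "example.com" is a strict record that only authorises the corporate mail range;
# "example-fixed.com" is the same record after IT adds the newsletter provider.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "example-fixed.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.newsletter.example -all",
    "_spf.newsletter.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate sender_ip against the SPF record for domain.

    Returns one of pass / fail / softfail / neutral / none / permerror,
    mirroring the result names used by SPF implementations.
    """
    if depth > 10:  # SPF limits DNS-querying terms per check; also stops include loops
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF published: receivers cannot reject on it
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            # include: matches only when the referenced record yields "pass"
            if check_spf(term[8:], sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # a, mx, exists and ptr mechanisms are omitted in this illustration
    return "neutral"  # no term matched and no "all" present


if __name__ == "__main__":
    # Corporate mail server passes; the unlisted newsletter provider is hard-failed
    # under the strict record, and passes once the include is added.
    print(check_spf("example.com", "203.0.113.10"))
    print(check_spf("example.com", "198.51.100.7"))
    print(check_spf("example-fixed.com", "198.51.100.7"))
```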