FBI officials warned of a dramatic rise in business email compromises, in which perpetrators target internal employees with access to financial or sensitive employee data by impersonating executives, trusted individuals or vendors.
The schemers go to great lengths to spoof company email and often use social engineering to assume their fake identities.
"They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy," the alert said.
There are several versions of the scams. Victims include large corporations, tech companies, small businesses and non-profit organizations. Oftentimes, the fraudsters target businesses that work with foreign suppliers or regularly perform wire transfer payments.
The FBI's findings included the following:
- Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries.
- From October 2013 through February 2016, law enforcement received reports from 17,642 victims. This amounted to more than $2.3 billion in losses.
- Since January 2015, the FBI has seen a 270% increase in identified victims and exposed loss.
- In Arizona, the average loss per scam is between $25,000 and $75,000.
Part whaling, part spear phishing and part social engineering, BEC attackers generally impersonate executives, often CEOs or CFOs, or other trusted figures such as attorneys, controllers or vendors. Whaling is a type of fraud that targets high-profile end users.
In the case of wire fraud, attackers use several techniques to gain access.
"Sometimes it is as simple as an email with a link in it that downloads a keylogger to gain credentials to the company's bank account," Joe Ferrara, CEO for the Pittsburgh-based Wombat Security Technologies, said in a blog post.
In other cases, the criminals research companies to learn when high-level employees will be out of the office. They impersonate the executive to get another employee to expose data, wire money or change bank routing information. To get information, the attackers use social media channels, vishing calls (the telephone version of phishing) and other means such as SMiShing (short for SMS phishing).
The FBI told businesses to be wary of email-only wire transfer requests and requests involving urgency, to pick up the phone and verify legitimate business partners, to be cautious of mimicked email addresses and to practice multi-level authentication.
Wombat also warned of the connection between malicious actors and seemingly reputable sources, including competitors.
"We recently had a series of attempts to gain proprietary information from our employees," Ferrara said. "One of the vectors used was a BEC-style email, where the senders posed as a market research company. We are quite certain a competitor or future competitor was behind the activities. And it wasn't a minor effort; they were very persistent."
These attacks mirrored many that have been seen on the web, with multiple attack vectors used in a coordinated effort to obtain data.
"In total, we had three different entities attempting to reach our employees," Ferrara said. "All three offered a consulting fee in exchange for interview time and indicated that they were gathering data for research purposes."
Ferrara said he believes regular training and a top-of-mind attitude toward cybersecurity at Wombat were the primary reasons why the attacks were unsuccessful.
"One of the reasons we believe in creating a culture of security is because we see the benefits firsthand," he said. "In the case of BEC and other personalized social engineering attacks, your employees are your primary line of defense. In our experience, training is the difference maker. It is education that creates a knowledge barrier between the attackers' tactics and your employees' response."