"This is not an unusual event," he said. "I know of two instances in the Chicago area where similar events occurred."
Talbot Harty, CEO at Fremont, Calif.-based security vendor DeviceAuthority, Inc., suggested that companies also create authorization codes, or phrases, to use for high-value transactions.
Financial institutions should also step up and take on some of the responsibility for these kinds of frauds, experts say.
For example, financial institutions can offer two-factor authentication, or two-person controls to move funds above a certain limit, said Todd Inskeep, advisory board member at RSA Conference.
Companies should also ask their banks if they offer insurance for online transactions, or escrow services for securing off-shore transactions.
"We also like to see an agreement with banking partners where the liability for any failure of the financial institution to adhere to protocol would be assumed 100 percent by the banking institution," said Damian Caracciolo, vice president at Cleveland-based CBIZ, Inc. "A simple call back and confirmation procedure may have prevented this from ever getting past the first fraudulent email."