Companies should step up their employee education efforts, add multi-factor authentication for logins to key systems, and add layers of approvals for potentially risky transactions such as unusual wire transfers or changes in payment location.
Another new wrinkle, according to Ed Cabrera, vice president of cybersecurity strategy at Trend Micro, is that fraudsters are combining email messages with phone calls.
"Adding the human element further preys on ill-prepared organizations that are not able to detect this type of compromise," Cabrera said.
When confirming payments, it's good practice to use known contact information for colleagues and vendors, instead of replying automatically to emails, or using telephone numbers or other contact or payment details provided in those emails.
According to Trend Micro, some business email compromise scams have netted the crooks extremely large sums of money.
In January, for example, airplane parts manufacturer FACC Operations GmbH was hit for $54 million.
And last week, U.S. authorities filed suit in Manhattan to recover the remaining $25 million out of nearly $100 million stolen from an American company -- the other $74 million has already been recovered and returned.
Since January 2016, 67 percent of respondents to a survey by email security company Mimecast had seen an increase in attacks designed to instigate fraudulent payments and 43 percent saw an increase in attacks specifically asking for confidential data like HR records or tax information.
"Since the beginning of this year, BEC has exploded in several directions," said Stu Sjouwerman, CEO at KnowBe4.
He pointed out that the $100 million fraud was actually caught by one of the intermediary banks, based in Cyprus, not by the victimized company itself.
According to a bulletin issued by the FBI at the end of March, companies in 79 countries lost more than $2.3 billion to BEC fraud since October 2013, with the majority of the victims located in the U.S.
The still-unnamed US company that lost $100 million should consider itself lucky.
"In many cases, law enforcement cannot recover funds sent overseas and may not identify the perpetrator; therefore, education and prevention are stressed," the FBI warned.