According to a recent report from Trend Micro, the email addresses of CEOs are the ones most often spoofed in email-based cyberattacks. The report, 2017 Midyear Security Roundup: The Cost of Compromise, released Monday, showed that managing director emails were also spoofed often.

While those positions are often spoofed, they aren’t the biggest targets of these attacks. The biggest target, according to the report, was the CFO, followed by the director of finance. This makes sense, as these are the professionals in charge of the company’s money.

Spoofed emails used in these kinds of attacks are part of a greater trend in cybersecurity known as business email compromise (BEC), the report said. FBI data cited in the report puts global losses due to BEC at $5.3 billion since 2013.

Geographically, BEC attacks were focused on five countries. Here’s how they break down by each country’s share of attacks worldwide:

  • United States – 30.96%
  • Australia – 27.40%
  • United Kingdom – 22.46%
  • Norway – 4.88%
  • Canada – 3.43%

The remaining 10.87% of attacks were spread out among the rest of the world. According to the report, the above data only refers to attempted attacks, not necessarily successful ones.

BEC relies on social engineering and doesn’t need a successful penetration technique to work, the report said. Trend Micro suggests that businesses use email solutions that protect against these socially engineered messages and, most importantly, that they train employees at all levels to recognize these threats.

“High-ranking executives and rank-and-file employees alike, if uninitiated, could be duped into sending funds via wire transfer or revealing information necessary for cybercriminals to pull off their fraudulent schemes,” the report said.

Over the past year, the report said, other types of attacks like malware and ransomware grew exponentially as well. Efforts like WannaCry and Petya led Trend Micro to title 2016 “the year of online extortion.”

Additionally, the report noted that companies are still being attacked through older vulnerabilities and that IoT-connected devices are creating a whole new set of vulnerabilities that companies should be aware of.

The 3 big takeaways for TechRepublic readers

  1. When it comes to email compromise, CEO email addresses are the most spoofed in these attacks, a Trend Micro report said.
  2. The CFO and director of finance are the most targeted members of an organization when it comes to business email compromise, as they control the money.
  3. Businesses should employ tools that filter and protect their email, while also investing in training their employees to recognize these email threats.