Here's how it works: A company receives an email that looks as if it came from the CEO. The email typically instructs someone who manages the company's money to send a payment to a certain bank account or provide login information to the company's payroll system.
But the email isn't genuine, and it often comes from a fraudulent domain that looks very similar to the legitimate company website. The bank account the money is sent to doesn't belong to a legitimate customer; it's an account owned by scammers. Fraudsters have also made away with payroll information about hundreds of employees using this technique.
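A mail gateway or triage script can check for the lookalike sender domain described above. The sketch below is an added example, not code from the article or the FBI alert; the domain `example-corp.com`, the executive name and the sample headers are constructed, and the substitution table is illustrative rather than complete.

```python
from email.utils import parseaddr

# Illustrative look-alike substitutions only; not a complete confusables table.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold common visual tricks so 'examp1e' and 'exarnple' collapse to 'example'."""
    d = domain.lower().rstrip(".").translate(DIGIT_SWAPS)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, legit_domain, max_edits=2):
    """True when the domain is not the real one but is visually or textually close."""
    if domain == legit_domain:
        return False
    a, b = skeleton(domain), skeleton(legit_domain)
    return a == b or edit_distance(a, b) <= max_edits

def triage(from_header, legit_domain, exec_names):
    """Classify a From header for review before any payment or payroll request is acted on."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == legit_domain:
        return "internal"
    if is_lookalike(domain, legit_domain):
        return "lookalike-domain"
    if name.strip().lower() in exec_names:
        return "exec-name-external"  # executive's display name on an outside address
    return "external"

# Constructed sample values (assumptions, not taken from the article).
LEGIT = "example-corp.com"
EXECS = {"jane doe"}
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@examp1e-corp.com>",
    "Jane Doe <jane.doe@exarnple-corp.com>",
    "Jane Doe <jdoe@freemail.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{triage(header, LEGIT, EXECS):20} {header}")
```

An exact match on the From domain says nothing about authenticity, since that header can be forged; sender authentication (SPF, DKIM, DMARC) covers that case, while this check covers the separately registered near-miss domain.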
The FBI says there's been a 'dramatic rise' in an email scam that has stolen more than $2.3 billion
The FBI has published a security alert warning businesses in the U.S. about the email scam. It says police officials around the world have heard of the scam, and it has been reported in 79 countries. The alert says that from October 2013 to February, the FBI was made aware of $2.3 billion (£1.6 billion) in money lost because of the email scam.
The real cost of the scam is likely to be higher, though, as it's unlikely that every payment was noticed or reported.
Some big tech companies have been targeted as part of this scam. Snapchat acknowledged in February that one of its employees had accidentally revealed payroll information after being tricked by an email claiming to have been sent by CEO Evan Spiegel. The data-storage company Seagate fell victim to the scam in March. Fast Company's publisher, Mansueto Ventures, was tricked into handing over data as well.