The most lucrative form of cyber crime might not be the one you first expect.  

While ransomware gets global attention when it takes down vital services and cyber criminals get away with multi-million dollar ransom payments, there's another big cybersecurity issue that's costing the world more money, but remains an embarrassing secret for many, even though, according to the FBI, it's cost victims over$43 billion dollars to date. 

Business email compromise (BEC) scams may lack the drama of hacking attacks but it's possible to argue that they've become the biggest cybersecurity issue facing the world today. 

Security

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next

"Business email compromise is the number one cyber-crime, period -there is no sugarcoating it. It's an international, global problem with victims in over 90% of countries in the world -that's the scale we're operating at," says Ronnie Tokazowski, principal threat advisor at cybersecurity company Cofense. 

SEE: The next big security threat is staring us in the face. Tackling it is going to be tough

BEC attacks are built on using social engineering to trick victims into transferring a payment to cyber criminals. Often scammers will pose as a colleague, a client, your boss or a business partner to make their request seem legitimate. 

There are two main ways in which scammers attempt financial BEC frauds. The first is by sending emails from a spoofed account pretending to be someone you know, with a request to make a transfer.  

The other is more sophisticated, with attackers stealing usernames and passwords to break into legitimate email accounts and using those accounts to make their requests for funds. Sometimes this happens midway through a real conversation, which makes it seem even more plausible in what's called a conversation-hijacking attack. 

In each case, the scammer asks for a payment to be made urgently. Often, in order to hurry things along, they claim that the payment must be made quickly and that it also should be kept a secret, telling the potential victim that disclosing the transaction could put a business deal at risk.  

The payment, of course, is in reality sent to an account owned or controlled by the cyber criminals. By the time anyone notices something is wrong, it's likely the scammers have withdrawn and made off with the money, either spending it or laundering it elsewhere. 

The sums transferred as part of BEC attacks can be in the hundreds of thousands of dollars. But they're often not reported, because many businesses that fall victim don't class it as a cybersecurity issue -and when it is reported, because money is involved, it gets reported to finance.  

"Business email compromise hasn't gotten the attention it deserves as a potential attack because, for the longest time, it's not been a security issue," says Adenike Cosgrove, cybersecurity strategist at Proofpoint. 

"They're not going to the security team, they're going to the finance team -and it's escalated to the CEO or CFO and then becomes a legal and financial issue, not a security issue," she adds. 

Thus, unlike ransomware