an employee 's email account in order to masquerade asAttack.Phishingthe staff member in question . Once access was gainedAttack.Databreachto the account , the hackers behind the scam createdAttack.Phishinga number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruseAttack.Phishing, conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacksAttack.Phishingalmost to the letter . These campaigns have a number of steps , compromiseAttack.Databreacha business email account via brute-force hacking or social engineering ; pretend to beAttack.Phishinga legitimate staff member , and lureAttack.Phishinganother individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scamsAttack.Phishing, reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scamAttack.Phishingoriginating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scamsAttack.Phishingagainst enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .
Save the Children Foundation has revealed that the charity was targeted by fraudsters last year , leading to the loss of $ 1 million . Speaking to the Boston Globe , the US arm of the non-profit , which supports children worldwide , said that con artists managed to compromiseAttack.Databreachan employee 's email account in order to masquerade asAttack.Phishingthe staff member in question . Once access was gainedAttack.Databreachto the account , the hackers behind the scam createdAttack.Phishinga number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruseAttack.Phishing, conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacksAttack.Phishingalmost to the letter . These campaigns have a number of steps , compromiseAttack.Databreacha business email account via brute-force hacking or social engineering ; pretend to beAttack.Phishinga legitimate staff member , and lureAttack.Phishinganother individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scamsAttack.Phishing, reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scamAttack.Phishingoriginating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scamsAttack.Phishingagainst enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .
Last week , the Internal Revenue Service ( IRS ) issued a new warning to employers , urging them to stay alert as reports of compromised W-2 records started to climb . This newest advisory aligns with the agency 's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud . The IRS also informed employers the W-2 scam has moved beyond corporations , expanding to include schools , tribal organizations , and nonprofits . In a statement , IRS Commissioner , John Koskinen , said the scams - sometimes known as Business Email Compromise (BEC) attacksAttack.Phishing- are some of the most dangerous email scams the agency has seen in a long time . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . `` It can result in the large-scale theft of sensitive dataAttack.Databreachthat criminals can use to commit various crimes , including filing fraudulent tax returns . We need everyone ’ s help to turn the tide against this scheme , '' Koskinen said . In 2016 , at least 145 organizations fell victim to BEC scamsAttack.Phishing, exposing tens of thousands of employees to tax fraud and identity theft . Salted Hash kept track of some of the high-profile cases , and Databreaches.net tracked everything , resulting in a massive list of documented successful attacks . As of February 5 , 23 organizations have disclosed BEC-related data breachesAttack.Databreachpublicly , each one resulting in compromised W-2 data . The confirmed BEC victims include ten school systems , a software development firm , a utility company in Pennsylvania , at least one restaurant in Indianapolis , and businesses operating within the healthcare , finance , manufacturing , and energy sectors . Distribution International emailed employees that their W-2 data was compromisedAttack.Databreachon January 27 . Their notification expands the number of affected taxpayers to more than 30,000 . The scammers spoofedAttack.Phishingan email and pretended to beAttack.Phishingone of the company 's owners . W-2 records for all companies and all employees were compromisedAttack.Databreach. Salted Hash reached out to Sky Climber 's CFO , Jeff Caswell , for more information . Also , the College of Southern Idaho has reported an incident that could impact 3,000 employees . According to Public Information Officer Doug Maughan , the W-2 records affected belong to seasonal and auxiliary staff . Palomar College disclosed an attackAttack.Databreachon January 30 , which affected employee W-2 records . The school did n't say the incidentAttack.Databreachwas the result of a BEC attackAttack.Phishing, but Salted Hash is listing it anyway due to the timing of the attack and the information targeted . Finally today , the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing asAttack.Phishinga manager requested them . In 2016 , the criminals behind the BEC attacksAttack.Phishingmostly focused on payroll and tax records . This year though , the IRS says that in addition to the usual records request , the scammers are now following-up and requesting wire transfers . `` Although not tax related , the wire transfer scam is being coupled with the W-2 scam email , and some companies have lost both employees ’ W-2s and thousands of dollars due to wire transfers , '' the IRS explained in their warning . `` Employers should consider creating an internal policy , if one is lacking , on the distribution of employee W-2 information and conducting wire transfers . '' BEC attacksAttack.Phishingare essentially Phishing scamsAttack.Phishing, or Spear PhishingAttack.Phishingsince the criminals have a specific target . They 're effective too , exploiting the trust relationships that exist within the corporate environment . In a majority of the reported cases from 2016 , the attackers forgedAttack.Phishingan email and pretended to beAttack.Phishingthe victim organization 's top executive , or someone with direct authority . Often it is the CEO or CFO , but any high-level manager will work .