that could endanger their personal information and next year ’ s tax refund . The most common way for cybercriminals to stealAttack.Databreachbank account information , passwords , credit cards or social security numbers is to simply ask for them . Every day , people fall victim to phishing scamsAttack.Phishingthat cost them their time and their money . Those emails urgently warning users to update their online financial accounts—they ’ re fake . That email directing users to download a document from a cloud-storage provider ? Fake . Those other emails suggesting the recipients have a $ 64 tax refund waiting at the IRS or that the IRS needs information about insurance policies—also fake . So are many new and evolving variations of these schemes . The Internal Revenue Service , state tax agencies and the tax community are marking National Tax Security Awareness Week with a series of reminders to taxpayers and tax professionals . Phishing attacksAttack.Phishinguse email or malicious websites to solicit personal , tax or financial information by posing asAttack.Phishinga trustworthy organization . Often , recipients are fooledAttack.Phishinginto believing the phishingAttack.Phishingcommunication is from someone they trust . A scam artist may take advantage of knowledge gained from online research and earlier attempts to masquerade asAttack.Phishinga legitimate source , including presenting the look and feel of authentic communications , such as using an official logo . These targeted messages can trickAttack.Phishingeven the most cautious person into taking action that may compromise sensitive data . The scams may contain emails with hyperlinks that take users to a fake site . Other versions contain PDF attachments that may download malware or viruses . Some phishing emails will appear to come fromAttack.Phishinga business colleague , friend or relative . These emails might be an email account compromise . Criminals may have compromisedAttack.Databreachyour friend ’ s email account and begin using their email contacts to sendAttack.Phishingphishing emails . Not all phishing attemptsAttack.Phishingare emails , some are phone scams . One of the most common phone scams is the caller pretending to beAttack.Phishingfrom the IRS and threatening the taxpayer with a lawsuit or with arrest if payment is not made immediately , usually through a debit card . Phishing attacksAttack.Phishing, especially online phishing scamsAttack.Phishing, are popular with criminals because there is no fool-proof technology to defend against them . Users are the main defense . When users see a phishing scamAttack.Phishing, they should ensure they don ’ t take the baitAttack.Phishing.
Save the Children Foundation has revealed that the charity was targeted by fraudsters last year , leading to the loss of $ 1 million . Speaking to the Boston Globe , the US arm of the non-profit , which supports children worldwide , said that con artists managed to compromiseAttack.Databreachan employee 's email account in order to masquerade asAttack.Phishingthe staff member in question . Once access was gainedAttack.Databreachto the account , the hackers behind the scam createdAttack.Phishinga number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruseAttack.Phishing, conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacksAttack.Phishingalmost to the letter . These campaigns have a number of steps , compromiseAttack.Databreacha business email account via brute-force hacking or social engineering ; pretend to beAttack.Phishinga legitimate staff member , and lureAttack.Phishinganother individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scamsAttack.Phishing, reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scamAttack.Phishingoriginating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scamsAttack.Phishingagainst enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .
Social media phishing attacksAttack.Phishingjumped by a massive 500 % in Q4 , driven by a huge increase in fraudulent accounts including many posing asAttack.Phishingcustomer support for big name brands , according to Proofpoint . The security vendor revealed the findings in its Q4 2016 Threat Summary and Year in Review report . It claimedAttack.Phishingfraudulent accounts across sites like Twitter and Facebook increased 100 % from the third to fourth quarter . Such accounts are used for phishingAttack.Phishing, malware distribution , spam and other ends . In fact , Proofpoint observed a 20 % increase in Facebook and Twitter spam from Q3 to Q4 , with the quarter recording the second highest spam volume in the year . Yet it was a particular variety of phishing that caught the eye . So-called “ angler phishingAttack.Phishing” is a relatively new tactic in which the black hats register fake Twitter accounts that masquerade asAttack.Phishingcustomer support accounts . They monitor the real support accounts for irate customer messages and then quickly jump in to send messages back to those users loaded with malicious links . The tactic was particularly common among financial services and entertainment accounts , according to the report . Elsewhere , the number of new ransomware variants grew 30-fold over Q4 , and malicious email campaigns grew significantly , with Q4 's largest campaign 6.7 times the size of Q3 's . Some of the biggest campaigns apparently involved hundreds of millions of messages dropping Locky ransomware . However , there was some good news , with scams involving the spoofing of CEO emails sent toAttack.PhishingCFOs falling 28 % in the final quarter . This is partly because CFOs are more cautious about the veracity of such messages , but can also be linked to a 33 % surge in DMARC implementation which helped to block attempts to spoofAttack.Phishingthe CEO ’ s email address . In addition , exploit kits remained at low levels of activity after some high profile Angler EK arrests in Q2 , although large scale malvertising campaigns persisted , Proofpoint claimed .