Email-based scams targeting W-2 data remains a top threat for CFOs and HR Credit: frankieleon Since the end of 2015, criminals have gone on a rampage targeting W-2 information at organizations both large and small. So far this year, more than sixty organizations have come forward as victims of business email compromise (BEC) scams, including three just last week.Despite today’s tax deadline with the IRS, these attacks show little sign of slowing down.“Business email compromise attacks are hitting all industries, at a scale never seen before—and we don’t anticipate it will slow down anytime soon. It’s especially critical that finance, payroll, and human resources departments be alert for these scams,” said Proofpoint’s SVP of strategy Ryan Kalember.Last week Bristol Farms Inc. told employees that someone impersonated a company executive and requested 2015 W-2 information. An employee, believing the request to be legitimated, complied. The incident occurred on March 30. In a letter dated April 13, the Academy of Art University reported an incident from April 4 that targeted W-2 details. Sticking to the established pattern, someone posed as a university executive and requested the tax information via email. The employee who received the request believed it to be legitimate and attached the requested information to an emailed response.Morongo Casino, a Native American Casino & Resort located near Palm Springs, told employees last week that someone posed as an executive and emailed a request for 2015 W-2 records. Once again, the employee who received the request believed it was valid and complied. The incident happened on March 23. The casino is also dealing with a PII problem, as 19 guests received account details on less than one-percent of the casino’s rewards club members.In a somewhat related story, one unidentified American company was bilked out of $100 million, after someone posed as a legitimate vendor via email. The details were disclosed by the US government in a civil forfeiture lawsuit filed last week in Manhattan.$74 million of the stolen funds have been recovered. The lawsuit is an attempt to recover the remaining money, which is being held in different banks across the globe.Head over to this story to see additional BEC-related coverage form Salted Hash. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe