The NJCCIC’s email security solution observed a phishing campaign aimed at harvesting Microsoft account credentials, multi-factor authentication (MFA) tokens, and associated session cookies. Messages in this campaign appear to come from DocuSign, Edward Jones...
As the unofficial summer travel season is underway, many people will be busy with upcoming travel plans. Threat actors will also be busy performing reconnaissance, exploiting vulnerabilities, and capitalizing on travel websites and accounts. They continue to create spoofed websites...
Analysts began monitoring a phishing scam known as “Payroll Pirates” that involves payroll redirection and primarily targets employees of various organizations, particularly those using Workday. The threat actors use malicious SEO poisoning and spoofed Human Resources (HR) pages.
The NJCCIC’s email security solution detected a new credential and card harvesting phishing scheme impersonating American Express. Several subject lines were utilized in this campaign. Upon clicking the provided link, users are redirected to a webpage imitating a login page.
The NJCCIC recently received an incident report regarding search engine optimization (SEO) poisoning. An individual searched for Facebook’s Help Center using a popular search engine and found a fictitious 1-888 phone number for Facebook Support as one of the top results.
Threat actors continue to employ the “Sitting Ducks” technique to hijack legitimate domains for phishing and investment fraud. Analysts reported nearly 800,000 vulnerable domains in three months, with about 9 percent subsequently hijacked. This method exploits misconfigured DNS settings.
