Last week, the NJCCIC reported increased phishing attempts targeting NJ state employees by impersonating the IRS. Proofpoint analysts noted a rise in tax-themed phishing campaigns, particularly as tax deadlines approach in the US and the UK.
Tax season is ripe with social engineering schemes designed to steal tax information, including W-2 personally identifiable information (PII), dates of birth, bank account or credit card numbers, and driver's license numbers. The emails include a fraudulent link to pay taxes...
In April 2024, the NJCCIC reported an uptick in unpaid road toll SMiShing scams. Similar SMiShing scams have resurfaced, as threat actors are impersonating multiple road toll agencies nationwide to target New Jersey residents to collect personal and financial information.
The NJCCIC received incident reports indicating that the well-known sextortion email scam is again circulating. Some reports noted that the threatening message was included in a PDF attachment named after the target rather than in the body of the email.
After the quick rise and fall of the Rockstar2FA Phishing-as-a-Service (PhaaS) platform, a new phishing platform, dubbed FlowerStorm, was observed filling in the gap left behind in Rockstar’s absence. Rockstar2FA platform had a simple interface that utilized adversary-in-the-middle.
Authentic notifications from financial institutions via email and text messaging can help inform users of account activity, such as balances and transactions. However, if a user has consented to receive such notifications, it may be challenging to determine if a notification is real.
The Federal Trade Commission (FTC) warned job seekers about the continued rise in online job scams. These scams, also known as “task scams,” request for repetitive tasks to be performed. These tasks are often completed in an app or a platform that tracks completed tasks...
Commodity phishing attacks, known as Phishing-as-a-Service (PhaaS) kits, remain prevalent due to their low cost, anonymity, and ease of execution. Advanced in-the-middle (AiTM) techniques allow attackers to bypass additional security measures such as MFA.
Researchers have discovered a new phishing campaign utilizing Microsoft’s Word file recovery feature. In this campaign, threat actors exploit the corrupted file state to disguise the file type and evade detection by security tools. These emails pretend to be sent from human resources...
In 2023, SpyCloud reported that 61 percent of data breaches were associated with infostealer malware. Cyber threat actors use infostealers to exfiltrate sensitive data on the systems they infect, such as saved browser passwords and cookies, cryptocurrency wallets, and more.
