Cybercriminals latest tactics includes “phishing” for your personal information through text message and scams. This includes them stealing your data or money by tricking you into clicking a link, revealing personal details or login information. This article includes tips to utilize when handling suspicious messages.
Okta identity and access management service identified adversarial activity that leveraged a stolen credential to access the support case management system. The threat actor was able to view sensitive HTTP Archive (HAR) files. This article explains the lessons learned from this to protect against this.
Vendor email compromise (VEC) is a targeted and in-depth type of business email compromise (BEC) in which cybercriminals impersonate a third-party vendor in order to steal funds from that vendor's customers. Read for information on this phishing scam targeting customers.
It is common to see social media posts claiming someone’s lost pet or family member was found, with the intent to reunite them with their family. Users frequently share these posts in hopes of assisting others. Scammers are using these same lures to spread what starts as an innocuous post.
“Your Account Is Set To Close” is a phishing email tactic that claims your Microsoft account is set to be closed on a specific date due to inactivity or failed errors. It asks you to sign in to your account before the given date to avoid deletion. Read to stay vigilant of scams like this.
Hackers use social media to target unsuspecting users searching for connections, job and business opportunities, and more. LinkedIn is one of many platforms for social engineering schemes as its users inherently trust it more than others due to its focus on careers.
The NJCCIC observed multiple campaigns purporting to come from HR departments from US and non-US top-level domains, masquerading as acknowledgments of updated employee handbooks to take account credentials and steal information. Read to learn how to avoid this scam.
The NJCCIC observed a high volume of phishing emails targeting NJ State employees, attempting to get credentials or deliver malware by abusing the Interplanetary File System. IPFS is a distributed file storage protocol that enables users to exchange files.
The NJCCIC recently observed two phishing campaigns in which threat actors included suspicious links via QR codes. Quick Response (QR) codes are square barcodes that can be scanned by smartphones to quickly send users to a website, download an application, or direct payments.
Individuals seeking to donate to relief efforts are targeted in charity scams initiated by threat actors using social engineering tactics through emails, SMS messaging, phone calls, and via social media. Such can be seen in the aftermath of the recent devastating wildfires in Maui.
