Users continue to receive emails referencing payment receipts for anti-virus solutions they did not purchase. Unlike from invoice scams, these emails do not request payment but rather claim that a payment has already been made. Read to learn how to spot this scam.
SEO is the process of improving the quality & quantity of website traffic. SEO poisoning is when threat actors strategically create malicious websites and use techniques such as keyword stuffing to insert irrelevant keywords into a web page’s text, meta tags, and other areas of the website.
Phishing emails remain a top social engineering tactic for cybercriminals. These emails may request recipients open an attachment, click a link, provide account credentials, transfer funds, or disclose sensitive information. This article shows samples and critical warning signs.
The NJCCIC received reports of targeted, well-crafted phishing emails claiming to be from financial institutions, specifically Citizens Bank. In the above example, the sender’s display name impersonates Citizens Bank to convey legitimacy. Click to learn more.
The NJCCIC received reports of a phishing campaign with Aetna-themed lures attempting to deliver malware. The sender’s display name impersonates the managed healthcare company to appear legitimate, and the sender’s email address contains innocent keywords.
MOVEit is file transfer software that enables file transfers. This article explains the New Jersey Cybersecurity & Communications Integration Cell vulnerability warning discovered in the software that could allow an attacker to install programs; view, change, or delete data, and more.
The NJCCIC received reports of a spear phishing campaign targeting the education subsector and masquerading as New Jersey State Compliance training. A compromised email account of a district employee was used to send fake training compliance notifications.
The NJCCIC received reports of gift card scams attempting to steal personally identifiable information (PII) or extort funds by impersonating trusted entities, such as a CEO or fellow employee, through email, SMS text messaging, and phone calls, to initiate fraudulent requests.
NJ state employees targeted by fake "Email Security Notification" phishing emails. These emails were impersonating the NJ Office of the Attorney General. Read this article to learn how to spot email spoofing and protect your login credentials and data.
Groundbreaking OpenAI products such as Whisper and ChatGPT have become very popular. Cybercriminals developed phishing scams to capitalize on Chat GPT's popularity. The NJCCIC reported a newly created YouTube channel, "OpenAI Live," attempting to scam users.
