Threat actors use SMS texts in phishing campaigns to steal users’ personal data, funds, etc. SMS-based phishing (SMiShing) may be more effective than email phishing as these messages are viewed on a mobile device, making it difficult to identify malicious texts.
With Tax Day quickly approaching, many taxpayers may feel stressed as they work to file their tax returns promptly and accurately. During this time, cybercriminals may exploit this human vulnerability and leverage the rapid advancement and increase in artificial intelligence and deepfakes.
A sophisticated phishing scheme of fraudulent URLs, login pages, a sense of urgency and legitimacy, and persistent communication through mobile devices was recently discovered. The phishing kit revealed the creation of replicas of login pages and impersonating organizations.
On February 22, a compromised email account sent phishing emails to several contacts at a New Jersey educational institution. The users who attempted to access the link in the email and submitted their credentials had their accounts compromised by the threat actor.
Subdomain hijacking occurs when threat actors gain control of a subdomain of a legitimate domain by taking over unused or abandoned subdomains to inject their IP address into the SPF record, and send emails on behalf of the primary domain name.
Recent trends reveal an alarming increase in cyberattacks targeting the financial sector. The critical nature of financial services and operations, coupled with the increased digitalization, make financial organizations targets for fraud, phishing and ransomware attacks.
Multiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the system.
Reports of QR Code phishing attacks recently increased. With the surge of QR code use in everyday life (check-in systems, and wireless payments, etc) attackers take advantage of the increased adoption of QR code scanning by potential victims. Read to learn how to protect against this.
Deepfakes are a form of media that have been digitally manipulated, often through artificial intelligence, to replace one person's likeness with that of another. Cyber threat actors are using deepfake technology in new social engineering schemes. Read to learn how to protect against this.
As Valentine’s Day approaches, threat actors continue to target individuals seeking companionship or romance. The NJCCIC received reports of sextortion incidents where victims are threatened to pay an extortion demand or else compromising photos/video of them will be released.
