Subdomain hijacking occurs when threat actors gain control of a subdomain of a legitimate domain by taking over unused or abandoned subdomains to inject their IP address into the SPF record, and send emails on behalf of the primary domain name.
Recent trends reveal an alarming increase in cyberattacks targeting the financial sector. The critical nature of financial services and operations, coupled with the increased digitalization, make financial organizations targets for fraud, phishing and ransomware attacks.
Multiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the system.
Reports of QR Code phishing attacks recently increased. With the surge of QR code use in everyday life (check-in systems, and wireless payments, etc) attackers take advantage of the increased adoption of QR code scanning by potential victims. Read to learn how to protect against this.
Deepfakes are a form of media that have been digitally manipulated, often through artificial intelligence, to replace one person's likeness with that of another. Cyber threat actors are using deepfake technology in new social engineering schemes. Read to learn how to protect against this.
As Valentine’s Day approaches, threat actors continue to target individuals seeking companionship or romance. The NJCCIC received reports of sextortion incidents where victims are threatened to pay an extortion demand or else compromising photos/video of them will be released.
Search engine optimization (SEO) is the process of improving the quality and quantity of website traffic to a website from search engines. In SEO poisoning, threat actors create malicious websites and use techniques to insert irrelevant keywords into a webpage’s text.
SIM swapping attacks have become increasingly common. Threat actors initiate these attacks by contacting wireless carriers and impersonating the subscriber. They use social engineering to transfer the subscriber's phone number to a new SIM card under their control.
There has been an increase in scam-related courier service usage to retrieve money and valuables from targets. Scammers often employ a multi-layered approach, posing as government officials, tech support, or financial institution employees to gain victims' trust.
Since the start of the new year, the NJCCIC has observed an uptick in reported incidents of compromised accounts for New Jersey citizens and businesses, such as healthcare, education, law enforcement, contractors, real estate, and accounting firms.
