Account compromises typically occur due to phishing emails, credential compromise, a lack of multi-factor authentication (MFA), exploited vulnerabilities, and data breaches. The NJCCIC recently received a report of a compromised account due to MFA fatigue (or MFA prompt bombing) .
A mysterious email arrives in your inbox, promising treasures beyond your dreams if you visit the provided website within the hour. With only thoughts of a dream vacation, you click the link, and the page loads, asking for a CAPTCHA verification to continue.
The NJCCIC observed a phishing campaign targeting several public sector organizations in New Jersey. These emails are sent from accounts ending in the domain "benefitsfactor[.]com" and contain subject lines similar to "Confidential: Compensation Update for (recipient)."
The NJCCIC continues to receive reports of cryptocurrency scams in which threat actors convince potential victims to deposit funds on fraudulent platforms with lures of high-yield, quick-return cryptocurrency investments. Weeks or months after a deposit is made, the victim can...
The NJCCIC identified a phishing campaign that uses tactics to make detection more difficult, leading to increased account compromises. Users receive an initial encrypted email with an encrypted link to "Read the message," which leads to a legitimate Microsoft 365 login page.
SMS text phishing (SMiShing) scams impersonating the New Jersey Motor Vehicle Commission (MVC) or the obsolete New Jersey Division of Motor Vehicles (DMV) continue to be reported to the NJCCIC. The messages claim that the user has an outstanding traffic ticket.
The NJCCIC identified a phishing campaign impersonating the Social Security Administration. The email notifies the user that their "Social Security Statement" is available online and instructs them to click the included link to access the statement that displays stolen...
The NJCCIC received reports of an uptick in fraudulent New Jersey Department of Labor and Workforce Development Unemployment Insurance (UI) claims, primarily targeting public sector education employees who are still employed. The availability of employee information...
The NJCCIC has observed a phishing campaign posing as an automated notification about quarantined emails. Many companies employ email security protection, which often includes a quarantine feature that holds potentially risky emails for user review.
The NJCCIC continues to receive reports of romance scams targeting New Jersey residents to steal funds. Threat actors typically create fake accounts on social media platforms or dating apps to pose as potential new friends or love interests. They increasingly use AI as disguise...
