Security researchers have discovered a new campaign to steal a user’s login account credentials. In this campaign, a target’s browser is forced to load in kiosk mode, a full-screen mode that prevents users from navigating away from the selected webpage. This attack targets Google accounts.
Analysts recently identified a cybercrime group known as Marko Polo, linked to at least 30 unique cryptocurrency and gaming-related scams that have likely compromised thousands of devices worldwide. The group is identified as a financially motivated “traffer team.ˮ
The NJCCIC’s email security solution detected multiple phishing campaigns attempting to deliver messages containing links to websites compromised by a payment skimmer . Digital skimmers are snippets of code injected into online retailers that steal payment details as they are entered.
The NJCCIC received incident reports consistent with open-source reporting that indicate an overall increase in various types of cryptocurrency scams. Cryptocurrency's decentralized nature and its global transferability make it appealing to cybercriminals. Click to learn more.
The Cybersecurity and Infrastructure Security Agency recently co-authored a joint cybersecurity advisory regarding the RansomHub ransomware group. Since it was first observed in February, RansomHub has become one of the most prolific ransomware threats.
Incident reports indicating that a new version of the well-known sextortion email scam is currently circulating. This version now includes a photo of the recipient's home, likely found via online mapping applications. The targeted individual's home address could have been easily obtained.
Employment scams are increasing, and scammers are devising new methods to target unsuspecting job seekers. Recently observed scams more frequently begin with a text message, initiating conversations about a potential job opportunity. The scammer claims to be a recruiter...
Businesses in the Information Technology sector act as critical service providers and part of a supply chain, store sensitive information, provide access to other accounts, and frequently engage with customers. Click here to learn more about these scams.
A sophisticated phishing campaign targeting Microsoft Teams was identified using the Tycoon 2FA Phish-kit phishing-as-a-service (PhaaS) platform to steal session cookies and bypass two-factor authentication (2FA) protection. The victim is sent a link to a malicious phishing page.
The NJCCIC received reports involving elder fraud scams that reflect recent tactics observed by the FBI. The scammers typically employ a multi-layered approach, impersonating associates of a technology company, a financial institution, and US government officials.
