Using social media or other messaging platforms, fraudsters posing as lawyers representing fictitious law firms may contact scam victims and offer their services, claiming to have the authorization to investigate fund recovery cases. Click to read more.
Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to multiple factors.
Reported card skimming incidents increased by 40 percent from 2022 to 2023. New Jersey is one of the top five states, accounting for nearly 50 percent of card compromise reports (CCRs). The outlook for 2024 shows a continued upward trend, which means increased card skimming...
The NJCCIC continues to observe attempted Telephone-Oriented Attack Delivery (TOAD) phishing email attacks, similar to open-source reporting. Prior to the attack, cybercriminals perform reconnaissance on victims, gathering information from various sources.
Reported card skimming incidents increased by 40 percent from 2022 to 2023. More specifically, New Jersey is one of the top five states, accounting for nearly 50 percent of card compromise reports (CCRs). The outlook for 2024 shows an upward trend.
The NJCCIC observed two new phishing campaigns utilizing PowerShell scripts to drop multiple malicious payloads. One campaign, dubbed ClickFix, launched by a threat actor identified as TA571 which was also behind the recently observed DarkGate phishing campaign.
The NJCCIC recently received multiple incident reports from organizations targeted with direct deposit scams in an attempt to change bank account information for direct deposit payments for payroll to facilitate fraud. K-12 school districts are primarily targeted.
A growing number of cyberattacks were discovered targeting retailers and online consumers as summer sales heat up. Though the holiday season remains the most profitable time for retailers, sale events are often launched in the slower summer months to increase revenue.
The NJCCIC recently observed an uptick in phishing campaigns targeting New Jersey State employees using a legitimate file-sharing platform and URL redirects to steal user credentials and deliver malware. One scheme uses an Adobe Acrobat link.
The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign targets students and faculty and involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams.
