Compromised Accounts Aftermath

The NJCCIC continues to receive reports of compromised email, communication, and social media accounts of New Jersey residents. Compromised accounts include Microsoft, Gmail, AOL, Discord, WhatsApp, Facebook, Instagram, and TikTok. Account compromises enable threat actors to access sensitive data and conduct further malicious activity, such as social engineering schemes, data exfiltration, extortion, and other scams. Therefore, it is critical to safeguard all accounts, especially if one is linked to other accounts.

Once threat actors compromise an account, they can change the recovery email address, phone number, password, multi-factor authentication (MFA) method, personally identifiable information (PII), and other details, potentially locking victims out of their accounts. The recovery process for a compromised account may be automated or require a manual submission to the official email provider or communication or social media platform. Depending on the provider or platform, verification of identity and account ownership may include answering specific questions about the account, using familiar and frequently used devices or networks, and identifying recent messages, contacts, or posts before the compromise. Account owners may also be required to submit government-issued ID, credit card information, or a video selfie for proof of identity or age.

Account compromise can be prevented by exercising caution with communications, links, and attachments, and enabling MFA, choosing authentication apps or hardware tokens over SMS text-based codes. If an account is compromised, the device may also be compromised and infected with malware; therefore, it is recommended to proceed with the recovery process through official channels or platforms on secure, clean devices and networks. Once access is regained and if applicable, terminate all active sessions or devices, remove any unauthorized email forwarding rules, check the account for malicious messages or posts, and update any information that was changed by the threat actors. Additionally, if the MFA method is linked to the threat actor’s phone number, remove it and set up an authentication app or hardware token.

Recommendations

  • Keep systems and browsers up to date.
  • If personally identifiable information (PII) has been compromised, review the Identity Theft and Compromised PII NJCCIC product for additional recommendations and resources, including credit freezes and enabling MFA on accounts.
  • Exercise caution with anyone calling to verify your identity before restoring your account, requesting remote access to your computer to “fix” the account, or claiming to recover your account for a fee.
  • Report malicious cyber activity to the NJCCIC and the FBI’s IC3.