The NJCCIC received reports regarding the impersonation of NJ Department of Labor and Workforce Development (DOL) personnel in SMS text phishing (SMiShing) schemes. Cybercriminals are contacting claimants via text message, identifying themselves as “NJLWD Claim Department” and alleging they need clarification on a claim. The messages include a link – njunemployment[.]us – to provide the information and state that the claim will be suspended if not completed. When questioned, the cybercriminals state that the information provided does not correspond to what they have on file.

If the claimant clicks on the link in the text message, they are directed to a website impersonating the NJ DOL login page. If an email address and password are submitted, an error message stating “invalid password” is returned, and the user is prompted to resubmit their account information. Cybercriminals often use this tactic to ensure the user provides their correct password.

Once submitted a second time, the user is then prompted to provide their PIN, Social Security number, date of birth, and previous employer. The user is then redirected back to the original login screen. The cybercriminal steals any information entered into these forms, which can be used for identity theft and unauthorized access to the user’s account, where they may access other sensitive information and submit fraudulent unemployment benefits claims. The NJCCIC sent a cease and desist order to the domain registrar to have this site taken down; however, the website is still up at the time of this writing.

Recommendations

• If you are unsure about a text message, contact the organization or individual mentioned using the official phone number to verify the information and request.
• Be cautious of spoofed phone numbers, as scammers can disguise their phone numbers to appear as if they are from a trusted source.
• Refrain from clicking links in text messages and instead navigate directly to official websites or apps.
• Look for red flags like unexpected requests for personal information, suspicious links, or urgent requests to take action.
• Forward the scam text message to your carrier’s spam reporting service (often 7726).
• If you submit your account information to a fraudulent site, reset your password and enable multi-factor authentication (MFA) immediately. 
• If you submit personally identifiable information, such as a Social Security number, visit identitytheft.gov for guidance.
• If you submit financial information, contact your banking institution immediately to prevent unauthorized transactions and reset PINs, if applicable.
• Report SMiShing schemes to the NJCCIC, IC3, and FTC, and share information about SMS scams to help others stay safe.
• Block the number: Block the sender’s number to prevent further unwanted messages.