Be Sure to Secure

We provide informational reports on various cybersecurity and technical topics to assist users in bolstering the security of their devices, data, and networks.

Social Engineering Reports

Social Media Apps

Social media applications (or apps) provide users with efficient communication and entertainment options. Users accept app policies and terms and conditions without fully comprehending the implications, prioritizing ease of use and functionality over their own security and privacy. As a result, apps such as Facebook, Instagram, Twitter, ...

The Evolution of Ransomware: A 5-Year Perspective

Ransomware is malware or a malicious program that, if installed, will encrypt or convert files and their content into an undecipherable code. Through extortion, these encrypted files can be deciphered with a decryption key held by the threat actors and only shared once ...

SIM Swapping Attacks

A Subscriber Identity Module (SIM) card is a physical, removable smart card that contains subscriber identification data and authenticates a subscriber on a mobile device to a specified wireless carrier network. SIM cards contain data, such as user identity, location, mobile phone number, network authorization data, personal security keys, contact ...

Real Estate Wire Transfer Scams

Earlier this month, the NJCCIC reported on an aggressive phishing campaign targeting several New Jersey State agencies that regularly communicate with law firms. Aside from law firms, other parties involved in real estate transactions—including agents, title agencies, and buyers—are still at risk of being targeted. Unlike generic phishing scams, business ...

The Threat of Social Engineering

Threat actors use various tactics and techniques in social engineering scams to impersonate known organizations and individuals, employ the use of urgency or authority, steal user credentials and other sensitive information, and deliver malware. The NJCCIC continues to observe and receive reports of social engineering scams, including phishing, Business Email ...

Protecting Against Tech Support Scams

What are tech support scams? Tech support scams are social engineering attacks in which scammers contact a user via a website pop-up or notification, phone call, or email and attempt to convince a user that their system requires technical support. The scammers' intent varies; they may be attempting to steal ...

Impersonation Scams

The first week in March is National Consumer Protection Week, which helps people understand their consumer rights, manage their money, protect their privacy, and avoid scams. Impersonation scams are one example of a scam in which threat actors spend time researching their target, pretend to be a trusted person or entity, and lure their victims with different and personalized social engineering tactics.

Tax Scams and Identity Theft: What You Need to Know

PREVENTING CYBER CRIME DURING TAX TIME: It is that time again for tax season, which means it is also a great time for threat actors to target taxpayers and their data. Threat actors are after W-2 information and personally identifiable information such as Social Security numbers, dates of birth, bank ...

Don't Take the Bait! Phishing and Other Social Engineering Attacks

Phishing is a form of social engineering in which a threat actor attempts to trick victims into visiting a malicious site and disclosing sensitive information such as account login credentials, financial information, or personally identifiable information (PII), or opening a malicious attachment that installs malware onto their system. Phishing attacks ...

Don’t Let a Romance Scam Break the Bank

With Valentine’s Day just around the corner, love is in the air and those who currently lack a significant other may decide to join a dating website to meet new relationship prospects. Unfortunately, there are plenty of scam artists who target dating site users and try to swindle money from ...

Tired of Receiving Scam Calls? Don’t Just Sit There. Do Something About It.

Like seemingly everyone else in America, I was receiving multiple calls per day from scammers, each originating from a different number. Most days, I would get more scam calls than legitimate ones and, eventually, my frustration in dealing with them led me to send most calls to voicemail, assuming anyone ...

Don’t Get Harpooned by a Whaling Attack

Unlike phishing attacks which cast a wide net in the hopes of catching as many victims as possible, whaling is a term used to describe carefully crafted emails designed to target or spoof specific people within an organization – usually top level executives, upper management, and other corporate decision-makers. The ...

Malvertising: More than a Nuisance

Malicious advertising, more commonly known as malvertising, has been around since at least 2007 but has quickly ascended on the list of everyday Internet threats due to the prevalence of online advertising in today’s digital media environment, where consumers expect free content in exchange for exposure to advertising. Malvertising simply ...

Cyber Safety Reports

2024 NJCCIC CyberStart Achievement Awards Are Off to a Great Start!

The 2024 NJCCIC CyberStart Achievement Awards are off to a great start! We have had over 60 students register so far. Today we had our first student register who was recruited by an NJCCIC CyberStart Ambassador! An Ambassador recruits students to join the NJCCIC CyberStart Achievement Awards. Recruit your friends and ...

Be Prepared: NJCCIC Cybersecurity Survival Guide

Summary: This October marks the 20th annual Cybersecurity Awareness Month (CAM), which raises awareness of the importance of cybersecurity in America, ensuring that everyone is prepared with the tools and resources they need to be safe and secure online. CAM is a collaborative effort led by the Cybersecurity and Infrastructure ...

Keeping Children Safe Online

This weekend, if you’re a parent, you’re probably going to spend some time reminding your children to be careful when they head out the door to go trick-or-treating. You might tell them to walk in a group and not wander off, and to stay in safe, familiar, well-lit neighborhoods. You’ll ...

Social Media: Sharing More Than What You Post

Social media is an integral part of society; TikTok, Instagram, and Facebook have become household names. Even those who do not use these platforms likely know someone who does. Social media is a powerful tool that unites people across the globe and allows users to share a little window into ...

Insider Threats

Organizations considering cybersecurity programs to increase their resiliency to cyberattacks must focus as much on defending against threats from inside the organization as they do in guarding against external threats. Insider threat is defined as the potential for an individual who has or had authorized access to an ...

Mobile Device Security

Mobile devices, such as smartphones, are an integral part of daily life with the ability to communicate with others, access services and apps, and increase productivity. They also circulate personal and/or critical business data, which may include personally identifiable information (PII), health information, financial information, and other sensitive information. As ...

Identity Theft and Compromised PII

What is PII? According to the National Institute of Standards and Technology (NIST), Personally Identifiable Information (PII) is defined as any information about an individual, including: (1) Any information that can be used to distinguish or trace an individual's identity, such as name, Social Security number, date and place of ...

Compromised Email Accounts

Why Do Cyber Threat Actors Target Email Accounts? Email accounts are targeted to gain access to sensitive information and to perpetuate subsequent attacks. Once a threat actor has compromised an email account, they can view previous communications, discover sensitive information, and create fraudulent emails to send to the victim's contacts ...

Stay Cyber Safe This Holiday Season

With the holiday season upon us, it is important to maintain awareness of the many threats posed by cybercriminals this time of year...

Virtual Private Networks

When you connect to the internet, you may be sharing more information than you realize. Typically, the effects are relatively innocuous—certain content may be restricted to viewing based on your geographical location, ads may target your preferences, bandwidth may be throttled and lead to slowdowns. However, without protecting your device and data when connected to the internet...

Credential Stuffing

Credential stuffing is a type of cyberattack in which threat actors attempt to access online accounts using compromised user credentials exposed in a data breach. Lists of compromised credentials are often found on dark web forums or for sale on dark web marketplaces. Once these lists are obtained, threat actors ...

Web Shells

Web shells are malicious scripts that attackers use as a point of entry into target systems. Threat actors use scanning tools, such as the publicly available shodan.io, to identify potential targets and attempt to exploit known vulnerabilities on systems. If successful, the threat actor can then upload web shells ...

Spotting a Spoofing

Now more than ever, it is becoming increasingly important to take caution before clicking. Criminals are expanding their means for attack, finding different avenues to exploit the unsuspecting user. One of these avenues is by email; while you may think you are receiving an email from a known contact ...

National Cybersecurity Awareness Month 2020

This year has proven to be one for the history books. We have borne witness to a pandemic that has altered our daily lives for the foreseeable future. Technology has become a crucial crux - a necessity in our daily lives - which has allowed us to continue working, learning, ...

Navigating New Challenges This Academic School Year

Students, faculty, parents, and guardians across New Jersey are preparing for the beginning of a new academic school year unlike any other. As academic institutions reopen for the 2020-2021 school year, the pandemic put a new spin on the typical back-to-school stress. Of the estimated 600 public school districts ...

How Big is Your Footprint?

When we talk about our digital footprint, we immediately think of social media - and with good reason. There are countless social media platforms available that invite their users to share their lives, photos, videos, and thoughts with the world. Through these platforms, we may reveal a host of personally ...

Freezing Your Credit

Placing a credit freeze (also called security freeze) on your credit profile restricts access to your credit report and prevents anyone from opening a new credit account using your information.

Magecart Attacks

Magecart attacks are a type of web-based data skimming operation used to capture customer payment card data from the checkout pages of online stores.

PII Compromise and Identity Theft, How Freezing Credit Can Help

Data breaches often expose personal and financial information that can be used in identity theft schemes. To protect your identity, the NJCCIC highly encourages placing a credit freeze on your credit profile. This post provides information and recommendations to help individuals reduce their risk of identity theft and other fraudulent activity.

Don't Be Fooled: Ways to Prevent BEC Victimization

HOW TO AVOID FALLING VICTIM TO A BUSINESS EMAIL COMPROMISE ATTACK: Between December 2017 and May 2018, Americans lost nearly $3 billion due to business email compromise (BEC) scams. The NJCCIC receives numerous incident reports from organizations around the State impacted by various BEC attacks. Unlike generic phishing campaigns, BEC ...

What to Expect When the GDPR Goes into Effect

The General Data Protection Regulation (GDPR) is the European Union’s latest data protection legislation, developed to address issues regarding data privacy. The GDPR gives EU citizens more control over what companies can do with their data, while increasing fines for non-compliance and data breaches. With a May 25, 2018 enforcement ...

Protect Your Mobile Phone Numbers from Porting Scams

In August 2017, the NJCCIC published Hackers Are Circumventing 2FA and Here's What You Can Do About It to alert members of emerging social engineering campaigns targeting mobile phone carriers. In these campaigns, hackers called the carriers and impersonated the targeted victim when speaking to customer service representatives. They would ...

Hackers Are Circumventing MFA and Here's What You Can Do About It

Those who have followed the NJCCIC over the last two years have likely noticed how often we emphasize the importance of enabling multi-factor authentication (MFA). MFA provides an added layer of security by requiring an additional piece of authentication data beyond that of a username and password. Because of its ...

NTP: Time is of the Essence

Time synchronization is not something many people may consider to be a critical component of a properly functioning enterprise; however, it is vital for managing, securing, debugging, and investigating security incidents on a network. Desynchronized timekeeping across distributed servers in a corporate network can cause serious headaches for IT staff ...

YARA: Effective Tool to Detect Malware

The first-ever power outage caused by a cyber attack occurred in Ukraine on December 23, 2015, causing many to reevaluate the risk to critical infrastructure and ask, could this happen in the United States and what can be done to prevent it? The Department of Homeland Security (DHS) and other ...

Cyber Extortion: What You Don’t Know Can Cost You

The NJCCIC has been talking a lot about the topic of cyber extortion lately, and with good reason. Just two months into 2016, there have already been a number of cyber extortion attacks across the country, impacting all kinds of individuals, businesses, and organizations. We don’t see this trend subsiding ...

2015 Data Breach Lessons Learned

If the past two years have taught us anything, it’s that the frequency and impact of data breaches will continue to grow if organizations do not do more to implement effective cybersecurity practices. The theft and sale of personal data is big business for profit-motivated hackers, while state and non-state ...

Considering Cyber Insurance? What You Need to Know

Owning a business in this day and age can be a risky proposition. In addition to maintaining positive cash flow and keeping your customers and employees happy, you have to take steps to protect your company and assets from unexpected events that could drain your accounts and close your doors ...

The Future of Payments is Now

The United States is currently in the midst of the biggest transition of payment technology in several decades, as alternatives have emerged to provide a more secure option than the magnetic strip “swipe and sign” process used since the 1970s. Due to our longstanding use of this vulnerable payment process, ...

Cyber Extortion – A Troubling Trend

There are several reasons why individuals may choose to become hackers. Some people might do it out of curiosity or for personal gratification. Others do it for financial gain or to steal intellectual property. Some consider themselves “hacktivists,” a relatively new term used to describe those who hack to promote ...

AI, IoT, and Cryptography Reports

ChatGPT and Its Impact on Cybersecurity

Artificial Intelligence: Artificial intelligence (AI) is a technology designed to mimic human cognitive functions, including learning, interacting, decision-making, and problem-solving. Machine learning is a subset of AI that plays a pivotal role in developing intelligence-based algorithms by learning from data. Within AI, deep learning exists as a subset that structures ...

Encryption: The Basics

Imagine you’re back in grade school and you are passing a paper note along to a friend at the other side of the classroom. That note was only meant for your friend to see, as it has an embarrassing message on it. Now imagine the mortification you would feel if ...

Is Seeing Believing? A Look into Deepfakes

Deepfakes are images, videos, or audio recordings that have been synthetically produced by artificial intelligence (AI) algorithms. They are manipulated and altered versions of the original medium. New items or people may be inserted, the actions of individuals may be modified, and the audio of an individual may be changed ...

IoT Device Security and Privacy

When we hear the term “Internet of Things,” we may think of devices we use in our homes, such as thermostats, smoke alarms, kitchen appliances, televisions, door locks, and cameras; however, these devices go well beyond the home and are widely used across industries. IoT devices play a prominent role in our lives and offer many benefits, such as increased efficiency and performance, economic advantages, and convenience ...

Seeing AI to AI: Artificial Intelligence and its Impact on Cybersecurity

Everyday AI: Have you ever uploaded a photo of you and your friends to Facebook, only to see that Facebook has self-identified your friends in the photo and asked permission to tag them? This identification process utilizes a form of artificial intelligence (AI). You likely use other forms of AI ...

Cryptographic Protections in an Online World

In our technology-driven world, keeping personal information safe from prying eyes is becoming increasingly important. Thankfully, for the everyday user, cryptography is widely implemented, and we can be confident that only intended recipients can view sensitive information. Anyone who has ever sent an e-mail, used online banking, purchased something with ...

The Internet of Insecure Things

The US Government is currently drafting a 'green paper' in preparation of presenting a formal policy on the Internet of Things (IoT), acknowledging the highly insecure technologies that have hit the market in recent years. Demonstrating the growth of this market, the research and consulting firm Gartner, Inc. forecasts that ...

Vehicle Cybersecurity: Industry Responds to Vulnerabilities

A series of media reports throughout the summer drew attention to various vulnerabilities in many of today’s Internet-connected vehicles. While the identified security gaps present serious risks to public safety and certainly warrant an industry-wide response, it is important to note that there have since been no reports of malicious ...

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
