Original Release Date: 4/24/2020
There have been numerous new phishing campaigns referencing the COVID-19 pandemic; however, it is important to highlight the traditional tactics still being deployed. The NJCCIC’s email security solution has identified several campaigns purporting to be from banks or vendors that attempt to steal credentials or deliver malware.

For example, a recent phishing campaign impersonating Chase Bank informed the email recipient that their account had been suspended due to suspicious activity. The email requested that they download and fill out the attached file; however, when opened, the attached HTML file directed the user to a fraudulent Chase online banking site. Any credentials entered and submitted on that site were sent to the threat actor. In this campaign, the sender display name was “Chase Online,” the sender email address was chaseonlinesecurity[@]chrobinson[.]com, the subject line was “We’ve suspended your Chase account access,” and the attachment was titled “chase-online-account-verification.html.” Note that the sending domain, chrobinson[.]com, does not match the brand shown in the display name.

Another recent campaign impersonated a vendor and instructed the recipient to open the attached Microsoft Excel file to view their invoice. If the file was opened and macros were enabled, the Zloader banking trojan was downloaded to the recipient’s system. Zloader is used to steal credentials when users access their online banking accounts. These emails were largely delivered from aol[.]com email addresses, and the subject lines and attachment titles were related to, and often contained the word, “invoice.”

While the specific indicators in these campaigns vary, the tactics are typically similar: display names, subject lines, and attachment titles are tailored to the email’s theme and attempt to convey authority and legitimacy. Though many cyber-criminals turned to campaigns referencing COVID-19 as global interest increased, many continue to rely on traditional phishing tactics to convince users to download attachments, click links, or divulge sensitive information.
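The indicators described above (a brand in the display name that does not match the sending domain, an HTML attachment that redirects to another site or carries a login form, and a macro-capable Office attachment on invoice-themed mail from a freemail address) can be checked mechanically before a message reaches a user. The following Python script is an added example and is not part of the NJCCIC advisory or its email security solution. It builds sample messages with the standard library’s `email` package that mirror the two campaigns described (the messages, the HTML body and the workbook bytes are constructed here, not captured samples), and runs a small triage function over them. The brand allowlist (`BRAND_DOMAINS`), the freemail list and the extension lists are illustrative assumptions to be replaced with an organization’s own data; the same `triage` function works on any `EmailMessage` parsed from an `.eml` file with `email.message_from_binary_file(..., policy=email.policy.default)`.

```python
"""Triage phishing indicators in email metadata and attachments.

Added example, not code from the advisory. Sample messages below are
constructed to mirror the campaigns it describes; they are not captured mail.
"""
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Brands commonly impersonated and the domains allowed to send for them.
# Assumption: an illustrative allowlist, not a vetted one.
BRAND_DOMAINS = {"chase": {"chase.com"}}
# Assumption: freemail domains that are unusual senders for vendor invoices.
FREEMAIL_DOMAINS = {"aol.com", "gmail.com", "yahoo.com", "hotmail.com"}
MACRO_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".doc", ".docm", ".dotm")
HTML_EXTENSIONS = (".html", ".htm", ".shtml")
INVOICE_RE = re.compile(r"\binvoice\b", re.IGNORECASE)
FORM_ACTION_RE = re.compile(r"<form[^>]*action=[\"']?(https?://[^\"'\s>]+)", re.IGNORECASE)
PASSWORD_RE = re.compile(r"<input[^>]*type=[\"']?password", re.IGNORECASE)
REDIRECT_RE = re.compile(r"http-equiv=[\"']?refresh|window\.location|location\.replace", re.IGNORECASE)


def sender_parts(msg):
    """Return (display name, address, domain) from the From header."""
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return name, addr, domain


def brand_mismatch(display_name, domain):
    """Return the brand named in the display name if the sending domain is not one of its domains."""
    lowered = display_name.lower()
    for brand, domains in BRAND_DOMAINS.items():
        allowed = domain in domains or any(domain.endswith("." + d) for d in domains)
        if brand in lowered and not allowed:
            return brand
    return None


def html_attachment_indicators(part, fname):
    """Look inside an HTML attachment for a credential form or a client-side redirect."""
    content = part.get_content()
    html = content if isinstance(content, str) else content.decode("utf-8", "replace")
    out = []
    m = FORM_ACTION_RE.search(html)
    if m:
        out.append(f"{fname}: form posts to {m.group(1)}")
    if PASSWORD_RE.search(html):
        out.append(f"{fname}: password field in attachment")
    if REDIRECT_RE.search(html):
        out.append(f"{fname}: client-side redirect")
    return out


def triage(msg):
    """Return a list of indicator strings for one message; an empty list means nothing was flagged."""
    findings = []
    name, _addr, domain = sender_parts(msg)
    subject = str(msg.get("Subject", ""))
    brand = brand_mismatch(name, domain)
    if brand:
        findings.append(f"display name claims '{brand}' but sender domain is {domain}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(HTML_EXTENSIONS):
            findings.append(f"html attachment {fname}")
            findings.extend(html_attachment_indicators(part, fname))
        if fname.endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-capable office attachment {fname}")
            if INVOICE_RE.search(subject) or INVOICE_RE.search(fname):
                findings.append("invoice-themed subject or attachment name")
            if domain in FREEMAIL_DOMAINS:
                findings.append(f"office attachment from freemail domain {domain}")
    return findings


def chase_lure():
    """Constructed message mirroring the Chase-themed campaign (not a captured sample)."""
    msg = EmailMessage()
    msg["From"] = '"Chase Online" <chaseonlinesecurity@chrobinson.com>'
    msg["To"] = "user@example.com"
    msg["Subject"] = "We've suspended your Chase account access"
    msg.set_content("Please download and complete the attached verification form.")
    # Constructed HTML: a meta refresh that sends the browser to a look-alike site.
    msg.add_attachment(
        '<html><head><meta http-equiv="refresh" content="0;url=https://chase-verify.example/">'
        '</head><body>Redirecting to online banking...</body></html>',
        subtype="html", filename="chase-online-account-verification.html")
    return msg


def invoice_lure():
    """Constructed message mirroring the invoice-themed Zloader campaign (not a captured sample)."""
    msg = EmailMessage()
    msg["From"] = "accounts.payable@aol.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please open the attached invoice.")
    # Constructed placeholder bytes standing in for a macro-enabled workbook.
    msg.add_attachment(b"\xd0\xcf\x11\xe0placeholder", maintype="application",
                       subtype="vnd.ms-excel", filename="invoice.xls")
    return msg


def benign_mail():
    """Constructed vendor statement with a PDF from a corporate domain; should not be flagged."""
    msg = EmailMessage()
    msg["From"] = '"Vendor Billing" <billing@vendor.example>'
    msg["To"] = "user@example.com"
    msg["Subject"] = "Monthly statement"
    msg.set_content("Your statement is attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg


if __name__ == "__main__":
    for build in (chase_lure, invoice_lure, benign_mail):
        print(build.__name__, triage(build()))
```

The checks are deliberately header- and attachment-level so they run on quarantined mail without detonating anything; a hit on the brand/domain mismatch or on a redirecting HTML attachment is the kind of finding that justifies holding the message for review.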
The NJCCIC recommends users exercise caution with emails from unknown senders and avoid taking action on these emails. Additionally, users are advised not to enable macros in files, even those received from known senders, without first verifying the legitimacy of the document. If an email instructs a recipient to access their account, the user is advised to avoid clicking on links provided and, instead, manually type the URL for the account into the address bar of their browser.