Be Sure to Secure
Social Engineering Reports
Protecting Against Tech Support Scams
What are tech support scams? Tech support scams are social engineering attacks in which scammers contact a user via a website pop-up or notification, phone call, or email and attempt to convince a user that their system requires technical support. The scammers' intent varies; they may be attempting to steal ...
Tax Scams and Identity Theft: What You Need to Know
PREVENTING CYBER CRIME DURING TAX TIME It is that time again for tax season, which means it is also a great time for threat actors to target taxpayers and their data. Threat actors are after W-2 information and personally identifiable information such as Social Security numbers, dates of birth, bank ...
Don't Take the Bait! Phishing and Other Social Engineering Attacks
Phishing is a form of social engineering in which a threat actor attempts to trick victims into visiting a malicious site and disclosing sensitive information such as account login credentials, financial information, or personally identifiable information (PII), or opening a malicious attachment that installs malware onto their system. Phishing attacks ...
Don’t Let a Romance Scam Break Your Heart or Empty Your Bank Account
With Valentine’s Day just around the corner, love is in the air and those who currently lack a significant other may decide to join a dating website to meet new relationship prospects. Unfortunately, there are plenty of scam artists who target dating site users and try to swindle money from ...
Tired of Receiving Scam Calls? Don’t Just Sit There. Do Something About It.
Like seemingly everyone else in America, I was receiving multiple calls per day from scammers, each originating from a different number. Most days, I would get more scam calls than legitimate ones and, eventually, my frustration in dealing with them led me to send most calls to voicemail, assuming anyone ...
Don’t Get Harpooned by a Whaling Attack
Unlike phishing attacks which cast a wide net in the hopes of catching as many victims as possible, whaling is a term used to describe carefully crafted emails designed to target or spoof specific people within an organization – usually top level executives, upper management, and other corporate decision-makers. The ...
Malvertising: More than a Nuisance
Malicious advertising, more commonly known as malvertising, has been around since at least 2007 but has quickly ascended on the list of everyday Internet threats due to the prevalence of online advertising in today’s digital media environment, where consumers expect free content in exchange for exposure to advertising. Malvertising simply ...
Cyber Safety Reports
Web Shells
Web shells are malicious scripts that attackers use as a point of entry into target systems. Threat actors use scanning tools, such as the publicly available shodan.io , to identify potential targets and attempt to exploit known vulnerabilities on systems. If successful, the threat actor can then upload web shells ...
Spotting a Spoofing
Now more than ever, it is becoming increasingly important to take caution before clicking. Criminals are expanding their means for attack, finding different avenues to exploit the unsuspecting user. One of these avenues is by email; while you may think you are receiving an email from for a known contact ...
Stay Cyber Safe This Holiday Season
With the holiday season upon us, it is important to maintain awareness of the many threats posed by cybercriminals this time of year...
National Cybersecurity Awareness Month 2020
This year has proven to be one for the history books. We have borne witness to a pandemic that has altered our daily lives for the foreseeable future. Technology has become a crucial crux - a necessity in our daily lives - which has allowed us to continue working, learning, ...
Compromised PII: Facilitating Malicious Targeting and Fraudulent Activity
What is PII? According to the National Institute of Standards and Technology (NIST), Personally Identifiable Information (PII) is defined as any information about an individual, including: (1) Any information that can be used to distinguish or trace an individual's identity, such as name, Social Security number, date and place of ...
Navigating New Challenges This Academic School Year
Students, faculty, parents, and guardians across New Jersey are preparing for the beginning of a new academic school year unlike any other. As academic institutions reopen for the 2020-2021 school year, the pandemic put a new spin on the typical back-to-school stress. Of the estimated 600 public school districts ...
How Big is Your Footprint?
When we talk about our digital footprint, we immediately think of social media - and with good reason. There are countless social media platforms available that invite its users to share their lives, photos, videos, and thoughts with the world. Through these platforms, we may reveal a host of personally ...
Freezing Your Credit
Placing a credit freeze (also called security freeze) on your credit profile restricts access to your credit report and prevents anyone from opening a new credit account using your information.
Magecart Attacks
Magecart attacks are a type of web-based data skimming operation used to capture customer payment card data from the checkout pages of online stores.
Don't Be Fooled: Ways to Prevent BEC Victimization
HOW TO AVOID FALLING VICTIM TO A BUSINESS EMAIL COMPROMISE ATTACK Between December 2017 and May 2018, Americans lost nearly $3 billion due to business email compromise (BEC) scams. The NJCCIC receives numerous incident reports from organizations around that State impacted by various BEC attacks. Unlike generic phishing campaigns, BEC ...
What to Expect When the GDPR Goes into Effect
The General Data Protection Regulation (GDPR) is the European Union’s latest data protection legislation, developed to address issues regarding data privacy. The GDPR gives EU citizens more control over what companies can do with their data, while increasing fines for non-compliance and data breaches. With a May 25, 2018 enforcement ...
Protect Your Mobile Phone Numbers from Porting Scams
In August 2017, the NJCCIC published Hackers Are Circumventing 2FA and Here's What You Can Do About It to alert members of emerging social engineering campaigns targeting mobile phone carriers. In these campaigns, hackers called the carriers and impersonated the targeted victim when speaking to customer service representatives. They would ...
Hackers Are Circumventing MFA and Here's What You Can Do About It
Those who have followed the NJCCIC over the last two years have likely noticed how often we emphasize the importance of enabling multi-factor authentication (MFA). MFA provides an added layer of security by requiring an additional piece of authentication data beyond that of a username and password. Because of its ...
NTP: Time is of the Essence
Time synchronization is not something many people may consider to be a critical component of a properly functioning enterprise; however, it is vital for managing, securing, debugging, and investigating security incidents on a network. Desynchronized timekeeping across distributed servers in a corporate network can cause serious headaches for IT staff ...
YARA: Effective Tool to Detect Malware
The first-ever power outage caused by a cyber attack occurred in Ukraine on December 23, 2015, causing many to reevaluate the risk to critical infrastructure and ask, could this happen in the United States and what can be done to prevent it? The Department of Homeland Security (DHS) and other ...
Cyber Extortion: What You Don’t Know Can Cost You
The NJCCIC has been talking a lot about the topic of cyber extortion lately, and with good reason. Just two months into 2016, there have already been a number of cyber extortion attacks across the country, impacting all kinds of individuals, businesses, and organizations. We don’t see this trend subsiding ...
2015 Data Breach Lessons Learned
If the past two years have taught us anything, it’s that the frequency and impact of data breaches will continue to grow if organizations do not do more to implement effective cybersecurity practices. The theft and sale of personal data is big business for profit-motivated hackers, while state and non-state ...
Considering Cyber Insurance? What You Need to Know
Owning a business in this day and age can be a risky proposition. In addition to maintaining positive cash flow and keeping your customers and employees happy, you have to take steps to protect your company and assets from unexpected events that could drain your accounts and close your doors ...
Keeping Your Children Safe Online
This weekend, if you’re a parent, you’re probably going to spend some time reminding your children to be careful when they head out the door to go trick-or-treating. You might tell them to walk in a group and not wander off, and to stay in safe, familiar, well-lit neighborhoods. You’ll ...
The Future of Payments is Now
The United States is currently in the midst of the biggest transition of payment technology in several decades, as alternatives have emerged to provide a more secure option than the magnetic strip “swipe and sign” process used since the 1970s. Due to our longstanding use of this vulnerable payment process, ...
Cyber Extortion – A Troubling Trend
There are several reasons why individuals may choose to become hackers. Some people might do it out of curiosity or for personal gratification. Others do it for financial gain or to steal intellectual property. Some consider themselves “hacktivists,” a relatively new term used to describe those who hack to promote ...
AI, IoT, and Cryptography Reports
Is Seeing Believing? A Look into Deepfakes
Deepfakes are images, videos, or audio recordings that have been synthetically produced by artificial intelligence (AI) algorithms. They are manipulated and altered versions of the original medium. New items or people may be inserted, the actions of individuals may be modified, and the audio of an individual may be changed ...
IoT Device Security and Privacy
When we hear the term “Internet of Things,” we may think of devices we use in our homes, such as thermostats, smoke alarms, kitchen appliances, televisions, door locks, and cameras; however, these devices go well beyond the home and are widely used across industries. IoT devices play a prominent role in our lives and offer many benefits, such as increased efficiency and performance, economic advantages, and convenience ...
Seeing AI to AI: Artificial Intelligence and its Impact on Cybersecurity
Everyday AI Have you ever uploaded a photo of you and your friends to Facebook, only to see that Facebook has self-identified your friends in the photo and asked permission to tag them? This identification process utilizes a form of artificial intelligence (AI). You likely use other forms of AI ...
Cryptographic Protections in an Online World
In our technology-driven world, keeping personal information safe from prying eyes is becoming increasingly important. Thankfully, for the everyday user, cryptography is widely implemented, and we can be confident that only intended recipients can view sensitive information. Anyone who has ever sent an e-mail, used online banking, purchased something with ...
The Internet of Insecure Things
The US Government is currently drafting a 'green paper' in preparation of presenting a formal policy on the Internet of Things (IoT), acknowledging the highly insecure technologies that have hit the market in recent years. Demonstrating the growth of this market, the research and consulting firm Gartner, Inc. forecasts that ...
Vehicle Cybersecurity: Industry Responds to Vulnerabilities
A series of media reports throughout the summer drew attention to various vulnerabilities in many of today’s Internet-connected vehicles. While the identified security gaps present serious risks to public safety and certainly warrant an industry-wide response, it is important to note that there have since been no reports of malicious ...
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.