NJ residents warned about a surge of fake urgent notifications
Have you received one?
New Jersey cybersecurity officials have issued a warning about a sudden uptick in fraudulent urgent account email notifications being sent to Garden State residents.
According to Krista Valenzuela, a cyber threat intelligence analyst with the New Jersey Cybersecurity and Communications Integration Cell, the notifications appear like they are coming from a known entity, like Microsoft, Google or Amazon, complete with what is called “display name spoofing” logos and other types of trademark characteristics that make them look authentic.
She said within the body of the email “they’re claiming that the user needs to reset their password or verify their personal information or maybe address a security issue.”
Don't click on it
She said as is the case with other scams, the email usually includes “a link to a website that’s actually fraudulent but might look very legitimate, they might look like the login for Microsoft and request that the user put in their account information.”
She said if that information is entered, it is promptly stolen by the threat actors.
So what should you do to avoid getting ripped off?
Valenzuela stressed it’s getting harder and harder to tell if an email is legitimate or not, so if you want to check to see if a notification requesting immediate action is actually on the level “don’t click on any links or open any attachments delivered with these messages, but instead go to the official website and log in that way.”
“If you need to take any action on your account like re-setting your password or adjusting your information, that information will be right there, ready for you.”
While many of these fraudulent emails look real, there are usually some red flags.
“That display name, or the sender information might not correspond to the associated sender email address, that’s one of the major red flags we see," she said. “Any spelling or grammatical errors, those are also signs that maybe something is awry.”
Who’s behind this new scam email push?
Valenzuela said it’s difficult to pinpoint whether the instigators are nerdy tech-teens in a basement somewhere, organized crime operators or bad cyber actors in other countries.
“It’s probably a little bit of a hodge-podge of all of those entities, we don’t know who is behind any of these specific schemes,” she said.
She said you can get more information about current cyber threats by visiting cyber.nj.gov