Original Release Date: 6/9/2023
The NJCCIC identified a significant number of phishing attempts targeting New Jersey State employees and public sector partners, claiming that the target’s account was hacked. The subject line states, “Your account is hacked. Your data is stolen. Learn how to regain access.” The email message further states that the threat actor has access to the target's system and may claim that they “made” compromising videos or images of the target, threatening to release these images if a ransom payment in the form of cryptocurrency is not received by a specific time. According to our email security solution, roughly 91.7 percent of these phishing emails were quarantined; however, approximately 8 percent either bypassed quarantine or were released by the user to their inbox. The email contains typical red flags and spoofing techniques, appearing as if it originated from the victim's own address. However, analysis indicates that these emails were sent via various US and international IP addresses. In some instances, the associated IP addresses had been identified by other security vendors as attempting to harvest credentials and deliver malware. There is no indication that these emails are legitimate, and they should be disregarded.
The NJCCIC advises users to ignore and delete these phishing emails, report the activity to their IT department if applicable, and avoid releasing this type of correspondence from quarantine to their inbox. Users are advised to refrain from responding to unsolicited communications, to refrain from clicking links or opening attachments from unknown senders, and to exercise caution with communications from known senders. If unsure of the legitimacy, contact the sender via a separate means of communication, such as by phone, before taking action.
Organizations are advised to implement filters at the email gateway to identify and block emails using known phishing tactics and those from suspicious IP addresses; to create an email gateway rule to flag communications in which the “reply-to” email address is different from the “from” email address; and to identify emails that originate outside their network by marking them with an “external email” tag in the subject and body, since such emails should be given additional scrutiny. Furthermore, create a policy and procedure to identify and report business email compromise (BEC) scams, including periodic employee awareness training; establish policies and procedures that require any request for highly sensitive information or a large financial transaction to be authorized and approved by multiple individuals via a secondary means of communication beyond email; and implement Domain-based Message Authentication, Reporting, and Conformance (DMARC) to reduce the risk of email spoofing. Further information can be found in the SPF Technical Guide.
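The following is an added example of the gateway checks recommended above (reply-to mismatch, external-email tagging, DMARC-based spoof detection, and the reported subject line) applied to constructed sample messages. It is not NJCCIC's code or any vendor's rule syntax; the organization domain `example.nj.gov`, the `triage` function and the sample headers are assumptions made for illustration, and it relies on the gateway having already recorded SPF/DMARC results in an `Authentication-Results` header.

```python
"""Triage rules mirroring the advisory's gateway recommendations (added example, not NJCCIC code)."""
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.nj.gov"             # assumption: the protected organization's domain
KNOWN_SUBJECT = "your account is hacked"   # from the subject line reported in the advisory


def domain_of(header_value):
    """Return the lower-cased domain part of a From/To/Reply-To header ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Parse Authentication-Results into {method: result}, e.g. {'spf': 'fail', 'dmarc': 'fail'}."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for part in str(hdr).split(";")[1:]:        # element 0 is the authserv-id
            part = part.strip()
            if "=" in part:
                method, _, value = part.partition("=")
                results[method.strip().lower()] = value.split()[0].lower()
    return results


def triage(raw_message):
    """Apply the advisory's checks; returns flags, the (possibly tagged) subject and a quarantine verdict."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    ar = auth_results(msg)

    # Rule: reply-to address differs from the from address.
    if msg["Reply-To"] and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    # Rule: claims to be from our own domain but did not pass DMARC -> spoofed internal sender.
    if from_dom == ORG_DOMAIN and ar.get("dmarc") != "pass":
        flags.append("spoofed-internal-sender")
    # Rule: known extortion subject line from the advisory.
    subject = str(msg["Subject"] or "")
    if KNOWN_SUBJECT in subject.lower():
        flags.append("known-extortion-subject")
    # Rule: message appears to be sent from the recipient's own address.
    _, from_addr = parseaddr(str(msg["From"] or ""))
    _, to_addr = parseaddr(str(msg["To"] or ""))
    if from_addr and from_addr.lower() == to_addr.lower():
        flags.append("sender-equals-recipient")

    # Tag anything not verifiably internal as external for extra scrutiny.
    external = from_dom != ORG_DOMAIN or "spoofed-internal-sender" in flags
    if external and not subject.startswith("[EXTERNAL]"):
        subject = "[EXTERNAL] " + subject
    return {"flags": flags, "subject": subject, "quarantine": bool(flags)}


# Constructed sample messages (not real traffic); addresses and hosts are placeholders.
SAMPLE_EXTORTION = """\
From: jdoe@example.nj.gov
To: jdoe@example.nj.gov
Reply-To: payme@example.invalid
Subject: Your account is hacked. Your data is stolen. Learn how to regain access.
Authentication-Results: mx.example.nj.gov; spf=fail smtp.mailfrom=example.nj.gov; dmarc=fail header.from=example.nj.gov

Pay within 48 hours.
"""

SAMPLE_INTERNAL = """\
From: alice@example.nj.gov
To: bob@example.nj.gov
Subject: Meeting notes
Authentication-Results: mx.example.nj.gov; spf=pass smtp.mailfrom=example.nj.gov; dkim=pass header.d=example.nj.gov; dmarc=pass header.from=example.nj.gov

Attached.
"""

SAMPLE_EXTERNAL = """\
From: vendor@partner.example.com
To: bob@example.nj.gov
Subject: Invoice
Authentication-Results: mx.example.nj.gov; spf=pass smtp.mailfrom=partner.example.com; dmarc=pass header.from=partner.example.com

See attached invoice.
"""

if __name__ == "__main__":
    for name, sample in [("extortion", SAMPLE_EXTORTION), ("internal", SAMPLE_INTERNAL), ("external", SAMPLE_EXTERNAL)]:
        print(name, triage(sample))
```

The extortion sample trips all four rules and is quarantined, the legitimate internal message passes untouched, and the partner message is delivered but tagged `[EXTERNAL]`, which is the behaviour the advisory asks the gateway to produce.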