Original Release Date: 3/10/2023
On March 6, the NJCCIC was notified of an advanced phishing attack regarding unemployment benefits. In this scheme, the victim was contacted by a series of email messages originating from support[@]dol[.]gov[.]njdol[.]us, a fraudulent email address meant to impersonate the New Jersey Department of Labor. The associated domain dol[.]gov[.]njdol[.]us redirects the user to the New Jersey Department of Labor’s official website to feign legitimacy; the fraudulent site has since been taken down. Prior to the initial email contact, the threat actor obtained personally identifiable information (PII) of the victim through unknown means, though the victim’s email address was confirmed via haveibeenpwned.com to have been associated with a data breach.
The PII provided in the email included the claimant’s name, date of birth, zip code, and the last four digits of their Social Security number. Once contact was made with the victim, the threat actors convinced them to send images of the front and back of their driver's license and requested multi-factor authentication (MFA) codes for the following online banking accounts: Capital One Bank, Huntington Bank, and Citizens Bank. The victim provided the threat actor with the MFA code associated with their Citizens Bank account; however, the code expired before the threat actor was able to use it.
The NJCCIC reminds users to exercise caution with unexpected emails from unverified senders, including those claiming to be from government organizations but whose email address does not use the .gov top-level domain. If a user is unsure of a message’s legitimacy, navigate to the associated organization’s official website to find the correct contact information. The NJCCIC also reminds users that legitimate email support will never ask for MFA codes and that MFA codes should never be shared. More information on how threat actors trick victims into revealing MFA codes can be found in a related NJCCIC article. Users are advised to use a resource such as haveibeenpwned.com to maintain awareness of recent data breaches and determine what data was exposed, resetting credentials as needed. Additionally, avoid password reuse, maintain unique passwords for each online account, and enable MFA, choosing authentication apps and biometrics over SMS text-based codes where available.
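The sender address in this advisory works because ".gov" appears inside the hostname while the domain actually registered is njdol.us. The following check, added here as an illustration and not NJCCIC tooling, refangs an address as printed in an advisory, identifies the registrable domain, and flags a trusted TLD string that sits anywhere other than the rightmost label; the two-label suffix rule is a stated simplification.

```python
from dataclasses import dataclass, field

# The sender address quoted in the advisory, in the defanged form advisories use.
ADVISORY_SENDER = "support[@]dol[.]gov[.]njdol[.]us"

# Top-level domains whose appearance a phisher borrows for credibility. Only the
# rightmost label of a hostname is its real TLD; the same string anywhere else is
# just a subdomain label chosen by whoever registered the parent domain.
TRUSTED_TLDS = frozenset({"gov"})


def refang(value: str) -> str:
    """Reverse the defanging ([.] and [@]) used when indicators are printed in advisories."""
    return value.replace("[.]", ".").replace("[@]", "@")


def registrable_domain(hostname: str) -> str:
    """Domain actually registered with the registry, approximated as the last two labels.

    Simplification (assumption): multi-label public suffixes such as co.uk are not
    handled; use a Public Suffix List library for production-grade checks."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


@dataclass
class SenderVerdict:
    address: str
    registrable: str      # what to compare against the organization's official site
    tld: str
    borrowed_labels: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A trusted TLD string left of the real TLD, while the real TLD is not
        # trusted, is exactly the masquerade pattern described in this advisory.
        return self.tld not in TRUSTED_TLDS and bool(self.borrowed_labels)


def assess_sender(address: str) -> SenderVerdict:
    """Classify an email sender by the domain that was actually registered."""
    clean = refang(address).strip().lower()
    hostname = clean.rsplit("@", 1)[-1]
    labels = [label for label in hostname.split(".") if label]
    tld = labels[-1] if labels else ""
    borrowed = [label for label in labels[:-1] if label in TRUSTED_TLDS]
    return SenderVerdict(clean, registrable_domain(hostname), tld, borrowed)


if __name__ == "__main__":
    for addr in (ADVISORY_SENDER, "help@nj.gov", "noreply@mail.example.com"):
        v = assess_sender(addr)
        print(f"{v.address:32} registrable={v.registrable:14} suspicious={v.suspicious}")
```

The registrable domain is the value to compare against the organization's official site; a mismatch is the cue to look up contact details there rather than reply.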