Once an account is compromised, threat actors impersonate the victim to conduct further malicious activity, such as changing account information, sending communications on the victim's behalf, transferring funds, installing malware, exfiltrating data, and more. On average, threat actors can move from initial compromise to privilege escalation to lateral movement in less than an hour, and achieving the objectives of their full targeted attack can take four hours and 29 minutes. These timeframes are concerning because users or administrators take longer to identify and remediate the compromise.
Recommendations
- Refrain from responding to unsolicited communications, and exercise caution with communications from known senders.
- Be wary when scanning QR codes, even from trusted sources.
- If unsure of the legitimacy, contact the sender via a separate means of communication – such as by phone through official and legitimate sources – before taking action or disclosing sensitive information.
- Set up alerts, maintain unique passwords for each online account, and enable multi-factor authentication (MFA), choosing biometrics and authentication apps over SMS text-based codes where available.
- Refrain from posting sensitive information and images online to reduce your digital footprint.
- Review the Mobile Device Security NJCCIC product for more information about the mobile threat landscape and best practices.
- If victimized, report the scam directly to the respective platform, the Federal Trade Commission (FTC), the FBI’s IC3, and the NJCCIC. If PII compromise is suspected or detected, contact your local law enforcement department.
- Review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes and enabling multi-factor authentication (MFA) on accounts.
