- Exercise caution with communications from known senders or legitimate platforms.
- Confirm requests from senders using contact information obtained from verified, official sources before taking action, such as clicking links or opening attachments.
- Navigate directly to legitimate websites and verify before submitting account credentials, providing personal or financial information, or downloading files.
- Enable multi-factor authentication (MFA) and keep systems and browsers up to date.
- If victimized, disconnect from the internet and run anti-virus/anti-malware scans.
- Maintain robust and up-to-date endpoint detection tools on every endpoint.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- If sensitive information was entered, change passwords for compromised accounts, monitor for unauthorized activity, and review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes.
- Review the Don't Take the Bait! Phishing and Other Social Engineering Attacks NJCCIC product for more information on common phishing and social engineering attacks.
- Report malicious cyber activity to the NJCCIC and the FBI's IC3.
|
|
|
|
|
|
|
