Recommendations
- Avoid opening attachments or clicking links delivered in emails and meeting invites, even those from known contacts, unless they are expected and in line with an established relationship.
- Verify communications with the sender via a separate means of communication before taking any action on their requests.
- Type official website URLs into browsers manually and only submit sensitive information on official websites.
- Notify users of this and similar tactics to increase awareness and reduce the risk of account compromises.
- Review the Don't Take the Bait! Phishing and Other Social Engineering Attacks NJCCIC product for more information on common phishing and social engineering attacks.
