Upon following the URL, targets are directed to a website that impersonates the NJ DOL login page. Any credentials or information provided will be forwarded to the threat actors behind the attack.
Recommendations
- Avoid clicking links and opening attachments in unsolicited emails and instead navigate directly to official websites.
- Exercise caution with unexpected emails from unverified senders, including those claiming to be from government organizations but whose email address does not use the .gov top-level domain.
- If a user is unsure of a message’s legitimacy, navigate to the associated organization’s official website to find the correct contact information.
- Look for red flags like unexpected requests for personal information, suspicious links, or urgent requests to take action.
- If you submit your account information to a fraudulent site, reset your password and enable multi-factor authentication (MFA) immediately.
- If you submit personally identifiable information, such as a Social Security number, visit identitytheft.gov for guidance.
- If you submit financial information, contact your banking institution immediately to prevent unauthorized transactions and reset PINs, if applicable.
- Review the Don't Take the Bait! Phishing and Other Social Engineering Attacks NJCCIC product for more information on common phishing and social engineering attacks.
- Report phishing and other malicious cyber activity to the NJCCIC and the FBI's IC3.
