Image 1: Example phishing email sent from a compromised account.
Instead of relying on traditional red flags in the message's content, users must now verify the senders of these emails. If someone receives an email asking them to click a link or open an attachment and provide sensitive information, such as an account username and password or financial information, they are advised to contact the sender to determine its validity. This contact should be made using official phone numbers known to be legitimate. In addition, an email received from a known contact may have been sent from a compromised (hacked) account. Therefore, in addition to exercising caution with emails from unknown accounts, users must scrutinize and verify emails received from trusted contacts.
Image 2: Example SMS text phishing campaign impersonating NJ MVC.
SMS text messages are increasingly used in social engineering schemes. As with email phishing, GenAI is helping cyber threat actors craft convincing messages, often impersonating known and trusted organizations. The New Jersey Motor Vehicle Commission (NJ MVC) has been repeatedly impersonated in several SMS text phishing campaigns over the last year. These messages attempt to convince users to click the included link and provide personal and financial information to pay a fictitious fine or another payment due. These messages appear official; however, NJ MVC only texts users regarding scheduled appointments. They do not send text messages demanding payment, requesting sensitive information, or notifying users of a license or registration suspension. With this SMS text phishing scheme and others that impersonate organizations and companies, users should visit official websites and applications to log in to accounts or call official phone numbers to verify any requests or messages received.
Recommendations
- Confirm the source of an email before clicking links, providing sensitive information, or opening attachments, even if the email appears to be sent from a known and trusted contact.
- Avoid clicking links delivered in text messages and avoid replying to text messages. Phone numbers can be spoofed to appear legitimate and are not a reliable verification option.
- Navigate directly to official websites or applications for account information or actions, rather than clicking links in emails and text messages.
