Posted on

Dodging Cupid’s Malicious Arrow: Sextortion and Romance Scams

external content.duckduckgo 26

the staff of the Ridgewood blog

Ridgewood NJ, as Valentine’s Day approaches, threat actors may attempt to prey on individuals seeking companionship or romance. The NJCCIC continues to receive reports of sextortion incidents in which victims are threatened with the release of compromising or sexually explicit photos or videos if they do not pay an extortion demand. Some sextortion threats are not credible, as threat actors are unable to provide proof of such photos or videos. However, there is an increase in reported sextortion incidents in which threat actors pretended to be trusting potential love interests. In several recent incidents, threat actors posed as attractive females to target their victims, build trust, and convince them to send compromising or sexually explicit photos or videos.

Continue reading Dodging Cupid’s Malicious Arrow: Sextortion and Romance Scams

Posted on

Data Privacy Week: Time to Take Control of Your Data

metadata

he staff of the Ridgewood blog

Ridgewood NJ, Data Privacy Week is a global effort to empower individuals and encourage organizations to respect privacy, safeguard data, and enable trust. Every year, the National Security Alliance dedicates a week to recognizing the importance of data privacy and being informed about how information is used, collected, or shared in our digital culture. This year’s theme is to “take control of your data.” Online activity produces a wealth of data, which is collected by websites, apps, devices, services, and organizations all around the world. Although we cannot control every piece of information collected, users still have a right to data privacy.

Continue reading Data Privacy Week: Time to Take Control of Your Data

Posted on

Major Uptick in Ransomware Attacks on New Jersey Businesses and Institutions

Ransomware Shutterstock 1 2724417934

the staff of the Ridgewood blog

Ridgewood NJ, according to Department of Homeland Security’s (DHS) 2024 Homeland Threat Assessment  in the past month, there has been an uptick in reported ransomware incidents as threat actors continue to target New Jersey private organizations and the public sector, including school districts and local municipalities. The threat actors exploited security vulnerabilities and misconfigured devices to infiltrate systems and networks and encrypt them with ransomware variants, such as Cl0P, BlackCat, LockBit, and Akira. As a result of the attacks, files were at risk of exfiltration and contained personally identifiable information (PII) of users and customers of the victim organizations.

Continue reading Major Uptick in Ransomware Attacks on New Jersey Businesses and Institutions

Posted on

Cybersecurity Warning: Beware of Bank-Related Scams

bank-of-america_theridgewoodblog

the staff of the Ridgewood blog

Ridgewood NJ, in light of recent bank failures, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning consumers to beware of potential scams requesting your money or sensitive personal information. Exercise caution in handling emails with bank-related subject lines, attachments, or links. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to any failed bank.

Continue reading Cybersecurity Warning: Beware of Bank-Related Scams

Posted on

Cybercriminals Target ANCHOR Property Tax Relief Fraud

16640313845855 3804797353

the staff of the Ridgewood blog

Ridgewood NJ, the Affordable NJ Communities for Homeowners & Renters (ANCHOR) program was developed to offset both the high costs of living and property tax burden, replacing the Homestead Benefit program and expanding the number of eligible taxpayers. Nearly 1.7 million New Jersey citizens applied for the ANCHOR property tax relief program by the February 28 filing deadline. The NJCCIC detected a series of phishing emails attempting to steal New Jersey residents’ ANCHOR program ID and PIN. These emails originated from similar IP addresses and the same subject line “ANCHOR Program Request for ID/PIN,”  with some of the messages containing attachments. Further analysis also identified telephone-oriented attack delivery (TOAD) phishing attempts containing similar subject content as well as attempts to redirect payments. Recent open-source reporting indicates that threat actors may have filed fraudulent claims purporting to be NJ taxpayers.

Continue reading Cybercriminals Target ANCHOR Property Tax Relief Fraud

Posted on

Phishing Campaign Targets New Jersey Government Employees

gone phishing 870x566 1

the staff of the Ridgewood blog

Trenton NJ, on January 6, the NJCCIC observed a phishing campaign targeting New Jersey government employees. In this campaign, the sender claims to be from the employee’s human resources department announcing an annual vacation plan. A link leads to a phishing website where the employee is prompted to log in with their government email credentials. These emails spoof the display name of the sender email address to match the domain of the recipient, making the messages appear to come from a legitimate source in their organization. However, the sender’s hostname originates from the domain sumltomocorp[.]com, a website known for marketing spam URLs. Additionally, the link contains the recipient’s email address in the URL in another attempt to add legitimacy to the message.

Continue reading Phishing Campaign Targets New Jersey Government Employees

Posted on

The State of New Jersey Bans TikTok and Other High-risk Software and Services Due to Cyber Security Issues

external content.duckduckgo 42

the staff of the Ridgewood blog

Trenton NJ,  Governor Phil Murphy today announced that the State of New Jersey has issued a cybersecurity directive to prohibit the use of high-risk software and services, including TikTok, on State provided or managed devices. The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), in collaboration with the Office of Information Technology (OIT), will maintain a list of technology vendors and software products and services that present an unacceptable level of cybersecurity risk to the State. The Directive will apply to all departments, agencies, commissions, boards, bodies, or other instrumentalities of the Executive Branch of New Jersey State Government.

Continue reading The State of New Jersey Bans TikTok and Other High-risk Software and Services Due to Cyber Security Issues

Posted on

NJCCIC Advisory : Update Software on all Microsoft Products Due to High Risk of Hacking

external content.duckduckgo 46

the staff of the Ridgewood blog

Ridgewood NJ , New Jersey Cybersecurity and Communications Integration Cell  also known as the New Jersey Office of Homeland Security and Preparedness’ Division of Cybersecurity, is warning residents businesses and organizations over multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Continue reading NJCCIC Advisory : Update Software on all Microsoft Products Due to High Risk of Hacking

Posted on

NJOHSP : Exercise Caution During Job Search

external content.duckduckgo 1

the staff of the Ridgewood blog

Ridgewood NJ, according NJ OFFICE OF HOMELAND SECURITY AND PREPAREDNESS ,  Job seekers are urged to exercise caution during their job search, as they could be targeted with fraudulent offers via phishing emails, social media, or SMS text messaging, according to NJCCIC. Threat actors entice their victims with promises of opportunities that are “too good to be true” to deliver malware, steal funds or collect personally identifiable information. These schemes may cost victims thousands of dollars and negatively impact their credit scores, according to the FBI. Job seekers are encouraged to research potential employers before providing sensitive information to unknown senders. The NJCCIC also recommends reviewing its Identity Theft and Compromised PII product for additional guidance.

Posted on

Cryptocurrency Schemes on the Rise in New Jersey

external content.duckduckgo 47

the staff of the Ridgewood blog

Ridgewood NJ, the New Jersey Cybersecurity and Communications Integration Cell has recently received several reports of cryptocurrency-related incidents. Cryptocurrency schemes occur when threat actors gain access to users’ cryptocurrency exchange accounts. Threat actors offer investment tips and guaranteed returns in attempts to lure their victims. As cryptocurrency incidents continue to increase, the NJCCIC recommends users implement multifactor authentication and create strong and unique passwords for their accounts.

Continue reading Cryptocurrency Schemes on the Rise in New Jersey

Posted on

Beware of Sextortion and Romance Scams

external content.duckduckgo 26

the staff of the Ridgewood blog

Ridgewood  NJ, over the last several years, the NJCCIC reported on sextortion scams in which victims were threatened with the release of compromising or sexually explicit photos or videos of the victim if an extortion payment was not made. Threat actors may use social engineering tactics to lure their victims via email, text message, or direct messages on social media or dating apps, and they may pose as potential love interests to build trust, communicate their story, and profess their love in an attempt to convince their victims to divulge information or send money. Other campaigns included claims that the threat actors successfully compromised the victim’s computer or mobile device and were able to take compromising screenshots or recordings of the victim that were sexually explicit in nature, further threatening to release them if an extortion payment was not made. These campaigns may appear convincing, but these threats were not credible as threat actors were unable to provide proof of the compromised photos or videos.

Continue reading Beware of Sextortion and Romance Scams

Posted on

UPDATE : The Surveillance State: The Nefarious Use of Bluetooth Tracking Devices

bluetoothtracker 2048px 3233 2x1 1

Image Source: New York Times

the staff of the Ridgewood blog

Ridgewood NJ, a swimsuit model says she was stalked by a stranger who slipped an Apple AirTag tracker into her coat pocket before following her for five hours.

Brooks Nader, 26, claims the disturbing incident occurred Wednesday night while she was out in New York City, and she only realized it when her iPhone alerted her to the fact that an “unknown accessory” was moving with her.

it is inevitable that items—such as keys, wallets, purses, and bags—may be lost or misplaced. To help prevent this, users can attach tracking devices to everyday items and connect them to a smart device via Bluetooth. Then, if items are lost or misplaced, users can use an app to search for them and determine their location with impressive accuracy. If the tracking devices are within Bluetooth range, the app can easily trigger an audible alert to help locate them. If the tracking devices are not within range, the app leverages nearby smart devices to transmit their location and send alert notifications to the owner and/or finder. There are multiple Bluetooth tracking devices to choose from, such as Apple AirTags and Tile tracker tags. Although their use can be a positive, legitimate, and convenient way to keep track of items, tracking devices have the potential for intentional misuse and abuse. We explore how perpetrators may use these tracking devices for nefarious purposes—committing malicious cyber activity, impacting personal safety, and enabling auto theft.

Continue reading UPDATE : The Surveillance State: The Nefarious Use of Bluetooth Tracking Devices

Posted on

Who is Spying On You?

external content.duckduckgo 45

the staff of the Ridgewood blog

What is Spyware?

Spyware refers to malicious software often used to monitor, capture, and share detail information from computers, phones, or other devices. It can collect emails, social media posts, call logs, messages on encrypted chat apps, contacts, usernames and passwords, notes, and documents such as photos, videos, and audio recordings. It can also collect GPS information to determine a user’s location, movement, and direction. Some spyware can also activate microphones and cameras as well as deliver files without any indicators or notifications to users. Spyware can be simple or sophisticated and rely on security weaknesses or unpatched software vulnerabilities. Although device and file encryption are recommended, it cannot assist in preventing spyware activity because once the encrypted message is delivered to the device, it is decrypted and made readable by both the user and the spyware.

Continue reading Who is Spying On You?