A Month in Review: Phishing Campaigns Target Account Credentials

On a monthly basis, over 120 million emails are sent to NJ State Government email addresses from external domains. Approximately 85% (102 million) of the inbound emails are blocked by the State’s mail filters as they include spam, malware, phishing scams, etc. These mail filters act as a first level of defense in the State’s defense-in-depth approach to security. In reviewing the past month’s logs, the NJCCIC noted that emails containing the Emotet trojan represented the largest volume of emails blocked due to the detection of malicious attachments and links.

But no matter how effective any one layer of defense may be, it is not impenetrable. During the month of September, we also noted that phishing emails targeting users’ credentials were the most successful in bypassing the mail filters and being delivered to end users. These included phishing emails crafted to obtain login credentials for OneDrive, DocuSign, Dropbox, SharePoint, Netflix, and more. Threat actors are constantly devising ways to defeat technical controls such as mail filters. It’s akin to a game of cat and mouse. As such, subsequent layers of defense including, but not limited to, user awareness and training, multi-factor authentication, and other security tools and tactics are necessary to protect users’ credentials and the systems and information that they provide access to. Towards that end, the NJCCIC strongly recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. Enable multi-factor authentication on all accounts that offer it to prevent unauthorized access as a result of credential compromise.