Weekly SEA

Fake Meltdown/Spectre Patch Installs Malware 
Comment: Social engineers are using recent news regarding Meltdown and Spectre to trick unsuspecting victims into downloading malware. A recent email campaign was observed attempting to lure victims to a malicious website masquerading as a resource for Meltdown and Spectre information and patches. The website hosts a ZIP file claiming to contain a security patch but, in reality, it contains Smoke Loader, a trojan that creates backdoors in systems. To protect yourself from falling victim to this and similar scams, never click on links included in the body of unsolicited emails. For the latest information on Meltdown and Spectre, visit the NJCCIC’s product vulnerability and update list here

Real Life Examples of Phishing at Its “Phinest”
Comment: Phishing continues to be so prevalent because of its effectiveness, and sophisticated social engineering campaigns put all of us at risk of account and credential compromise. The best way to protect against this threat is to enable multi-factor authentication on every account that offers it and refrain from using the same password across multiple accounts. 

Ridgewood Residents Are Victims of Credit Card Fraud, PSE&G Scam 
Comment: One Ridgewood, New Jersey resident lost approximately $1,500 to a caller who claimed to be a PSE&G employee and threatened to cut her power service unless she submitted payment via MoneyPak prepaid debit cards. Unfortunately, the only way to prevent victimization is through education and awareness. Please inform friends and neighbors – especially senior citizens – about these types of scams and remind them that no legitimate company or agency will ever require payment in the form of gift cards, prepaid debit cards, or money transfers. Recipients of these scam calls are urged to hang up immediately and report them to their local police department.