Weekly SEA

Phishing Remains Top Cyberattack Method
Comment: No organization can fully protect themselves against the threat of phishing; however, organizations can reduce their risk by educating their employees about the different tactics social engineers use to obtain sensitive information and gain unauthorized access into networks. In addition to education, organizations should also have an incident response plan in place, as well as a comprehensive data backup and recovery plan to fully guard against this and other cyber threats.

Old Phone Scam Takes New Twist In Essex County: Sheriff
Comment: Essex County officials are warning residents of a phone scam in which the perpetrators claim they are from the Sheriff’s Office and accuse victims of failing to appear for jury duty, threatening them with an arrest warrant if they do not pay a fine. If victims agree to pay, they are instructed to purchase a prepaid debit card with an amount specified by the perpetrators and then provide them with the card information. Please remember that no government or law enforcement agency will ever demand payment over the phone in the form of a prepaid debit card or gift card and official communications of a serious nature will always arrive via the US Postal Service. Victims of this or other phone scams are encouraged to report it to their local police department, the NJCCIC, and the FBI Internet Crime Complaint Center.

Watch Out for Phishing Emails Linking to Fake Meltdown and Spectre Patches
Comment: Social engineers know that using well-publicized events and topical news items can lure even the most educated and tech-savvy individuals to dangerous, malware-laden websites. This is why it is very important to run reputable and up-to-date antivirus software at all times and scan every executable you download for malware, even if it initially appears to be a legitimate file. For a vetted list of vendors providing patches for Meltdown and Spectre, please see the NJCCIC Meltdown and Spectre Product Vulnerability and Update List.