Photo: Getty Images
As the holiday season approaches, authorities in New Jersey are warning residents about the increased risk of cyber scams. Cybercriminals often take advantage of the holiday season to launch a variety of scams, including fake tech support calls, phishing attempts, and cyber threats.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) advises residents to be cautious when clicking on suspicious links or emails. If the sender is unknown, it's best not to open the email. The NJCCIC also warns against falling for emails advertising "incredible" deals, prizes, and sweepstakes, urgent delivery notices, fake charities, and threats to pay up or utilities will be disconnected.
One common scam involves Magecart attacks, a type of web-based data skimming operation used to capture customer payment card data from the checkout pages of online stores. Cybercriminals gain access to the targeted website, inject malicious JavaScript code into the checkout page to skim the desired data, and send the information back to a threat actor-controlled server. The NJCCIC encourages online shoppers to use credit cards over debit cards as they often have better consumer fraud protections.
Another common scam involves spoofed emails that appear to come from known retailers regarding sales and coupons, order confirmations, and shipping notices. These emails may contain links or attachments that install malware or lead recipients to spoofed websites that steal user credentials.
The NJCCIC also warns against scams involving public charging stations. These kiosks can contain concealed computers that attempt to extract data such as contact information, photos, and videos from connected devices.
Finally, the NJCCIC advises residents to be cautious when donating to charities during the holiday season. Prior to donating, research the charity through a nonprofit site such as charitywatch.org or charitynavigator.org for information on charity legitimacy.
Residents who experience a cyber-related incident are encouraged to report it to the NJCCIC via the Report a Cybersecurity Incident form. All other scams can be reported to the Federal Trade Commission (FTC) via their website.