NJCCIC recently identified an aggressive phishing campaign targeting several New Jersey State agencies that regularly communicate with law firms. The phishing email’s subject line claims to reference various types of legal documents, such as settlements, reviews, or payment claims. The body contains an HTML link that appears to be shared documents from a law office. If clicked, the recipient is directed to a webpage that prompts them to click a hyperlink in order to review the documents.
If the hyperlink is clicked, the user is redirected to another webpage to verify they are not a bot, feigning security and authenticity, before finally being sent to a login page requesting credentials, which are sent to the threat actor if submitted. The webpage includes common red flags, such as grammatical errors, and contains anti-virus and sandbox detection, limiting the scope of analysis.
What You Should Do
If you happen to receive any suspicious emails, do not click on any links. Report the email to your IT team and delete it!
Have additional questions? Contact a member of the BMT team.