DATE: 3/27/2025
OVERVIEW:
Cybercrime is expected to cost the world over $10 trillion by 2025. As a consumer, student, employee, online banker, or teacher, YOU ARE A TARGET.
This bulletin explains common scams, highlights newly emerging threats, and offers best practices to improve your personal cybersecurity along with quick tips to stay protected.
NEW THREATS:
The NJCCIC’s email security solution identified a fake CAPTCHA malware campaign sent to New Jersey State employees in an attempt to deliver the SectopRAT infostealer. The emails contain links directing targets to malicious or compromised websites that present deceptive CAPTCHA verification challenges. In the background, the website copies a command to the target’s clipboard. The fake CAPTCHA then instructs the target to “verify” their identity by opening the Windows Run dialog box and pasting and running that command.
The first part of the command triggers a legitimate Windows executable to fetch a malicious file from the specified domain and run it; the command is purposefully obfuscated so that the only part of the pasted content the target sees in the Windows Run dialog box is the trailing text “I am not a robot – reCAPTCHA Verification ID: ####”. When the target clicks OK to “verify” their identity, the encoded PowerShell command runs in the background, and the target inadvertently downloads and executes the SectopRAT malware.
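The campaign above leaves a recognisable trace in endpoint telemetry: a script interpreter started as a child of explorer.exe (which is how the Run dialog launches commands), an encoded PowerShell command, and the lure text at the end of the command line. The following detection logic is an added example written for this bulletin, not code from the NJCCIC or Kean IT Security; the interpreter list, the severity thresholds, and the sample events (shaped like Sysmon process-creation records, with a placeholder base64 string) are all constructed assumptions to tune for your own environment.

```python
"""Flag process-creation events that fit the fake-CAPTCHA (Run-dialog paste)
pattern.  Defender-side detection logic; added example, not the bulletin's code."""
import re
from dataclasses import dataclass

# Assumption: script/LOLBin interpreters worth scrutinising when launched
# straight from the shell.  Tune this list to your environment.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
# Lure text the bulletin says is left visible at the end of the Run box.
LURE_RE = re.compile(r"i am not a robot|recaptcha verification", re.IGNORECASE)
# PowerShell -EncodedCommand and its accepted abbreviations, followed by base64.
ENCODED_RE = re.compile(
    r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)

# Constructed sample events shaped like Sysmon Event ID 1 / process-creation
# telemetry.  The base64 is "PLACEHOLDER" in UTF-16LE, not a real payload.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -enc UABMAEEAQwBFAEgATwBMAEQARQBSAA== '
                '# "I am not a robot - reCAPTCHA Verification ID: 7391"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig /all"},            # ordinary admin use
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},              # benign service host
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -EncodedCommand UABMAEEAQwBFAEgATwBMAEQARQBSAA=="},
]


@dataclass
class Finding:
    index: int        # position of the event in the input list
    severity: str     # "high" or "medium"
    reasons: list


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(index: int, ev: dict):
    """Score one process-creation event; return a Finding or None."""
    parent, image, cmd = _basename(ev["parent"]), _basename(ev["image"]), ev["cmdline"]
    lure = bool(LURE_RE.search(cmd))
    # The Run dialog launches its command as a child of explorer.exe.
    run_dialog = parent == "explorer.exe" and image in INTERPRETERS
    encoded = bool(ENCODED_RE.search(cmd))

    reasons = []
    if lure:
        reasons.append("command line carries the fake-CAPTCHA lure text")
    if run_dialog:
        reasons.append(f"{image} launched directly from explorer.exe (Run dialog / shell)")
    if encoded:
        reasons.append("encoded PowerShell command")

    if lure or (run_dialog and encoded):
        return Finding(index, "high", reasons)
    if run_dialog or encoded:
        return Finding(index, "medium", reasons)   # single weak signal: allow-list as needed
    return None


def analyze_events(events):
    """Run analyze_event over a batch and keep only the hits."""
    hits = [analyze_event(i, ev) for i, ev in enumerate(events)]
    return [h for h in hits if h is not None]


if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f"event {f.index}: {f.severity.upper()} - " + "; ".join(f.reasons))
```

Run on the constructed events, the first and last are rated high (lure text, or encoded PowerShell started from the shell), the cmd.exe launch is rated medium because an interpreter started from explorer.exe is common in normal administration, and the service host is ignored. The medium tier is where local allow-listing belongs.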
BEST PRACTICES:
- Remember: legitimate CAPTCHA verification challenges validate a user’s identity within the web page and never require copying and pasting commands or output into a Windows Run dialog box.
- If you encounter a suspicious CAPTCHA verification challenge, refrain from visiting the website or taking further action.
- Keep browsers and anti-virus/anti-malware software up to date.
- Disable JavaScript in the browser before visiting unknown websites.
- Report malicious cyber activity to the FBI's IC3 and the NJCCIC, or to Kean IT Security via email at [email protected].
PREVIOUS THREATS:
From: Impersonator <[email protected]>
Sent: Friday, December 20, 2024 1:59 PM
To: User <[email protected]>
Subject: DD Pay Auth
Hi User,
I need to update my new bank information before the next payroll is submitted. What is required ?
Best regards,
Impersonator
Executive Director
Kean University
Phishing Indicators:
- Sender Email: The email is not from a valid Kean University domain (@kean.edu).
- Grammar/Punctuation Errors: Improper use of punctuation in "What is required ?".
- Lack of Proper Signature: The email lacks a formal signature used by Kean University staff.
We have been receiving reports of phishing emails impersonating Kean University staff and faculty for malicious purposes. In this example, the impersonator poses as a Kean University employee inquiring about updating banking information. On the surface the email seems normal, since it claims to come from an actual staff or faculty member. When the email is inspected in detail, however, several key issues appear.
First, the impersonator's actual email address is not a Kean University designated address but an unrelated external address. Additionally, the email does not use the email signature format used by Kean University employees, and it contains a punctuation error. When reviewing emails, always verify the sender's address to ensure it belongs to someone you know, and be on the lookout for suspicious mistakes in the email contents.
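The indicators listed for this message (external sender domain, a signature claiming an internal role, a payroll or bank-detail request, and the stray space before the question mark) can be checked mechanically. The checker below is an added example written for this bulletin, not a Kean IT Security or mail-gateway tool; the trusted domain set, the keyword lists, and both sample messages are constructed assumptions, and the sender address is a placeholder because the bulletin redacts the real one.

```python
"""Score a raw email message for the phishing indicators discussed above.
Added illustrative checker; not the bulletin's or Kean IT Security's code."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's legitimate sending domain(s).
TRUSTED_DOMAINS = {"kean.edu"}
# Terms typical of payroll-diversion requests (extend for your environment).
SENSITIVE_RE = re.compile(
    r"\b(?:payroll|direct deposit|bank(?:ing)?\s+(?:info|information|details)"
    r"|wire transfer|gift card)\b", re.IGNORECASE)
# A space before ? ! . or , as in "What is required ?"
SPACE_BEFORE_PUNCT_RE = re.compile(r"\S\s+[?!.,]")
# Titles or affiliation an outsider might claim in a signature block.
AFFILIATION_RE = re.compile(
    r"\b(?:executive director|director|dean|provost|professor|chair|kean university)\b",
    re.IGNORECASE)

# Constructed sample messages; the sender address is a placeholder.
SUSPICIOUS_EMAIL = """From: Impersonator <impersonator@mail.example>
To: User <user@kean.edu>
Subject: DD Pay Auth

Hi User,
I need to update my new bank information before the next payroll is submitted. What is required ?
Best regards,
Impersonator
Executive Director
Kean University
"""

LEGIT_EMAIL = """From: Jane Doe <jane.doe@kean.edu>
To: User <user@kean.edu>
Subject: Meeting notes

Hi User,
The notes from this morning's meeting are on the shared drive.
Thanks,
Jane
"""


def sender_domain(msg) -> str:
    """Domain part of the From header's address (the display name is ignored)."""
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw: str) -> list:
    """Return human-readable indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    body = msg.get_payload() or ""
    external = domain not in TRUSTED_DOMAINS
    indicators = []

    if external:
        indicators.append(f"sender domain '{domain}' is not a trusted organisation domain")
    # An outside address whose signature claims an internal title or affiliation.
    if external and AFFILIATION_RE.search(body):
        indicators.append("external sender claims an internal role or affiliation in the signature")
    if SENSITIVE_RE.search(f"{msg.get('Subject', '')} {body}"):
        indicators.append("requests a payroll or bank-detail change")
    if SPACE_BEFORE_PUNCT_RE.search(body):
        indicators.append("punctuation error: space before ? ! . or ,")
    # A Reply-To outside the From domain is another common tell (not in the sample).
    _n, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != domain:
        indicators.append("Reply-To domain differs from From domain")
    return indicators


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(f"{label}: {phishing_indicators(raw) or ['no indicators']}")
```

Against the constructed impersonation message the checker reports all four indicators; against the internal message it reports none. A real deployment would add the DMARC/SPF results and a staff-directory lookup for the display name, neither of which a plain header parse can provide.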
TIPS TO STAY SAFE:
Staying safe online requires vigilance and continuous learning. Cyber threats evolve every day, but by adopting these strategies, you can reduce your vulnerability and safeguard your digital life. Always question unusual requests, emails, or activities, and when in doubt—pause, verify, and act cautiously. Should you require any further assistance or have questions, please feel free to reach out to our dedicated helpdesk.