Several New Jersey state employees have received spoofed emails impersonating the NJ Office of the Attorney General (OAG).
The emails were discovered by the state Cybersecurity & Communications Integration Cell (NJCCIC), which says the emails appeared to be sent from the email address noreply[@]njoag[.]gov; however, the email originated from the hostname slot0[.]bustomshisoa[.]com.
It is not known which department the state employees work for.
These particular messages were blocked as they failed SPF checks and were rejected by DMARC policy.
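The SPF failure and DMARC rejection described above can be reproduced with a small evaluator. This is an added example, not NJCCIC code: the header blocks are constructed, `mx.example.net`, `mailer.example` and `mail.njoag.gov` are placeholders, the From domain is assumed to publish `p=reject`, and the two-label organizational-domain rule is a simplification of the Public Suffix List lookup real receivers use. It also goes one step beyond the reported case to show that an SPF pass for an unrelated envelope domain still fails DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels stand in for the PSL lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def _result(auth, method, prop):
    # Pull "<method>=<result>" and its identity domain out of Authentication-Results.
    m = re.search(rf"\b{method}=(\w+)(?:[^;]*?\b{prop}=([^\s;]+))?", auth)
    if not m:
        return ("none", "")
    return (m.group(1).lower(), (m.group(2) or "").rsplit("@", 1)[-1])

def dmarc_disposition(raw, policy="reject"):
    """Return 'deliver' on an aligned SPF or DKIM pass, else the published policy."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    auth = msg.get("Authentication-Results", "")
    spf, spf_dom = _result(auth, "spf", r"smtp\.mailfrom")
    dkim, dkim_dom = _result(auth, "dkim", r"header\.d")

    def aligned(d):  # relaxed alignment: same organizational domain as From
        return bool(d) and org_domain(d) == org_domain(from_dom)

    ok = (spf == "pass" and aligned(spf_dom)) or (dkim == "pass" and aligned(dkim_dom))
    return "deliver" if ok else policy

FROM = 'From: "NJ OAG" <noreply@njoag.gov>\nSubject: Email Security Notification\n\n'

# Constructed: the reported case, sending host not authorized by the From domain's SPF.
SPOOFED = ("Authentication-Results: mx.example.net; spf=fail "
           "smtp.mailfrom=noreply@njoag.gov; dkim=none\n" + FROM)
# Constructed: SPF passes, but only for an unrelated envelope domain.
UNALIGNED = ("Authentication-Results: mx.example.net; spf=pass "
             "smtp.mailfrom=bounce@mailer.example; dkim=none\n" + FROM)
# Constructed: genuine mail carrying an aligned DKIM signature.
LEGIT = ("Authentication-Results: mx.example.net; spf=fail "
         "smtp.mailfrom=noreply@njoag.gov; dkim=pass header.d=mail.njoag.gov\n" + FROM)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("unaligned", UNALIGNED), ("legit", LEGIT)):
        print(name, "->", dmarc_disposition(raw))
```

With a policy of `none` the same spoofed message would only be reported, not blocked, which is why the enforcing policy mattered here.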
The scammers also used additional tactics to create a sense of urgency, including the subject line “Email Security Notification” and a request that the recipient confirm their email account.
The included link directed the recipient to a webpage containing a login screen with the recipient’s email address already populated and a background image copied from the legitimate NJ OAG website.
While the included URL was not associated with NJ OAG, the branding and seemingly legitimate sender email address could convince a user to enter their account credentials.
No arrests have been made.
The NJCCIC is a division of the New Jersey Office of Homeland Security and Preparedness.