Emails Impersonating The New Jersey Attorney General’s Office Sent To State Employees

Several New Jersey state employees have received spoofed emails impersonating the NJ Office of the Attorney General (OAG).

The emails were discovered by the state Cybersecurity & Communications Integration Cell (NJCCIC), which says the emails appeared to be sent from the email address noreply[@]njoag[.]gov; however, the email originated from the hostname slot0[.]bustomshisoa[.]com.

It is not known which department the state employees work for.

These particular messages were blocked as they failed SPF checks and were rejected by DMARC policy.

The scammers were also used additional tactics to create a sense of urgency by including the subject line, “Email Security Notification,” and requesting the recipient to confirm their email account.

The included link directed the recipient to a webpage containing a login screen with the recipient’s email address already populated and a background image copied from the legitimate NJ OAG website.

While the included URL link was not associated with NJ OAG, the branding and seemingly legitimate sender email address could convince a user into entering their account credentials.

No arrests have been made.

The NJCCIC is a division of the New jersey Office of Homeland Security and Preparedness.

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.