| The NJCCIC received reports of threat actors impersonating multiple New Jersey local municipalities to steal sensitive data and funds and exploit public trust. Threat actors take advantage of residents who interact with their local municipalities regularly and are more likely to trust communications appearing to be official. They pose as local officials and contact residents through unsolicited communications to demand information or money using threats and deceptive tactics such as stolen branding and logos, unofficial or spoofed email addresses and phone numbers, and fake documents. |
| In the above example, threat actors impersonate a local municipality in an unsolicited email to create urgency and legitimacy by demanding additional payment to avoid delays in the bulk variance application approval process. The sender’s display name is “Planning Commission [local municipality name].” In the sender’s email address, the username is “planning-commission.[local municipality name]nj” with a “usa” domain name and .com top-level domain (TLD), unlike the official local municipality. The subject line displays “Settlement of Application Review and Approval Fee Invoice” and includes an attached Adobe PDF file. |
| The attached Adobe PDF file appears to be an official and legitimate invoice, but it contains stolen branding and logos in the watermark in the background and on the letterhead. The fraudulent invoice itemizes various fees due upon receipt. Unlike typical payment methods of checks or official portals, the remittance instructions in the invoice indicate payment is only through wire transfer, and the threat actors will provide those instructions upon request. If requested, the bank account information provided is not affiliated with the local municipality and may be linked to an out-of-state bank account. The threat actors further instruct their target to email them a signed copy of the invoice and the wire transfer payment receipt for confirmation. The invoice also states that this fee supports the administrative processing, legal evaluation, zoning compliance verification, and public notification procedures directly tied to the recipient’s application. If this fraudulent scheme is successful, the threat actors steal the funds and use the victim’s sensitive information and signature to commit identity theft, financial fraud, and other malicious activity. |