Garden State's Cyber Threat during Holiday Shopping Season

The NJ Cybersecurity & Communications Integration Cell (NJCCIC) recently reported that New Jersey is one of several states with the most significant increases in card skimming incidents, with at least a 50% year over year increase. Based on this trend, they have issued a warning that the upcoming holiday shopping season will yield increased card skimming opportunities for threat actors to capture and steal customer data and financial information through various digital and physical realms, such as stores, restaurants, gas stations, and ATMs. This stolen data has severe consequences for consumers and businesses, including loss in revenue, legal damages, compliance issues, cross-site contamination, identity theft, fraud, and subsequent malicious activity.

The NJCCIC recommends using credit cards over debit cards for purchases, as credit cards often have greater consumer protections that limit a victim’s liability if fraudulent purchases are made. Navigate directly to known, secure, and encrypted websites and designate/monitor one credit card for purchases, if possible. We highly encourage enabling multi-factor authentication (MFA) on every account that offers it, including any online shopping websites.

The NJCCIC recommends organizations and users educate themselves and others on these continuing threats and tactics to reduce victimization. Website administrators are urged to use only vetted first-party code, ensure hardware and software are up to date, use a web application firewall (WAF) to block and alert for potential code injection attacks, block unauthorized transmission of personal data by implementing a Content Security Policy (CSP), and schedule routine website scans to identify changes in JavaScript code composition.

Businesses and consumers should review the Identify Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources including credit freezes and enabling MFA on accounts.