Security Reference
Email Scam Watch
Last updated: March 2026
A regularly updated reference of active email scams targeting businesses and individuals. Bookmark this page and check back. We update it as new threats emerge. Additional scam intelligence sourced from the NJ Cybersecurity & Communications Integration Cell (NJCCIC).
⚠ High Risk
CEO / Executive Impersonation (BEC)
An email appears to come from your CEO or a senior executive, urgently requesting a wire transfer, gift card purchase, or change to payment instructions. The address is spoofed or slightly misspelled. These scams cost U.S. businesses billions annually.
What to do: Never act on financial requests received only by email. Call the executive directly using a known number to verify before transferring any funds or purchasing gift cards.
⚠ High Risk
AI-Generated Phishing Emails
Unlike older phishing attempts with obvious errors, AI-generated phishing emails are now grammatically perfect, match your company’s tone, and may appear to come from a known colleague or vendor. You can no longer rely on poor writing as a warning sign.
What to do: Verify any unusual request through a separate channel. Call directly; do not reply to the email in question.
⚠ High Risk
Vendor / Invoice Fraud
A scammer compromises a vendor’s email account or spoofs their domain, then sends a fraudulent invoice or updated banking details notice. Payments are redirected to the attacker’s account without the legitimate vendor’s knowledge.
What to do: Any change to payment instructions from a vendor must be verified by calling the vendor at a number you already have on file. Never use a number provided in the email itself.
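For mail administrators, the "spoofed or slightly misspelled" sender described in the executive impersonation and vendor fraud entries above can be flagged automatically. This is an added example, not part of the original reference; the domains, the executive name, and the assumption that the Authentication-Results header is stamped by your own mail gateway are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values: your own domain, a known vendor domain, executive display names.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.example"}
EXECUTIVES = {"jane doe"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return findings about the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain in TRUSTED_DOMAINS:
        # Exact-domain spoofing: the domain is right, so rely on the DMARC verdict.
        m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
        if not m or m.group(1).lower() != "pass":
            findings.append("trusted-domain-without-dmarc-pass")
        return findings
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:  # one or two characters off
            findings.append("lookalike-of:" + trusted)
            break
    if name.strip().lower() in EXECUTIVES:
        findings.append("executive-name-on-external-address")
    return findings

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "lookalike": 'From: "Jane Doe" <jane.doe@examp1e-corp.com>\nSubject: Urgent wire\n\nbody\n',
    "freemail": 'From: Jane Doe <ceo.office@mail.example>\nSubject: Gift cards\n\nbody\n',
    "spoofed": 'Authentication-Results: mx.example-corp.com; spf=fail; dmarc=fail\nFrom: billing@acme-supplies.example\n\nbody\n',
    "legit": 'Authentication-Results: mx.example-corp.com; dkim=pass; dmarc=pass\nFrom: jane.doe@example-corp.com\n\nbody\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A finding is a reason to hold the message for review, not a verdict; a compromised vendor mailbox sends from the real domain and passes every check here, which is why the phone verification above still applies.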
⚠ High Risk
Fake Microsoft / Google Login Pages
An email warns that your Microsoft 365 or Google Workspace account has unusual activity and urges you to verify your credentials. The link leads to a convincing fake login page that captures your username and password in real time.
What to do: Never click login links in emails. Type the address directly into your browser. Enable multi-factor authentication (MFA) on all accounts.
⚠ High Risk
Government Impersonation Scams
Scammers pose as the IRS, Social Security Administration, Medicare, or local government agencies. They claim you owe money, are under investigation, or need to verify personal information. Contact is made by email, phone, or text, often with threats of arrest or fines to create urgency.
What to do: Legitimate government agencies initiate contact by mail, not email or phone. Never provide personal information or payment in response to an unsolicited contact. Verify by calling the agency directly using a number from their official website.
⚠ High Risk
Tax & IRS Phishing Campaigns
Particularly active during tax season, these emails impersonate the IRS or tax software companies like QuickBooks or TurboTax. They may claim issues with your filing, request you review a document via a link, or ask you to verify your Electronic Filing Identification Number. Clicking the link can install malware or steal credentials.
What to do: The IRS contacts taxpayers by mail first, never by email or text. Do not click links in tax-related emails. Go directly to irs.gov to check your account status.
⚠ High Risk
Real Estate Wire Transfer Fraud
Scammers monitor real estate transactions and intercept email communications between buyers, sellers, agents, and attorneys. At a critical moment, they send fraudulent wire instructions that appear to come from a legitimate party. Funds sent to the wrong account are rarely recovered.
What to do: Always verify wire instructions by calling your real estate agent, attorney, or title company at a number you independently sourced before sending any funds. Be especially cautious of last-minute changes to payment details.
⚠ High Risk
Tech Support Impersonation
A pop-up, email, or phone call claims your computer has a virus or security problem and instructs you to call a number or allow remote access. The caller poses as Microsoft, Apple, or another tech company. Once they have access, they install malware, steal data, or demand payment to fix a problem that does not exist.
What to do: Microsoft and Apple do not contact you unsolicited about computer problems. Close the pop-up, hang up the call, and never grant remote access to someone who contacts you first.
● Medium Risk
QR Code Phishing (“Quishing”)
Emails or printed materials contain a QR code that, when scanned, leads to a fake login page or triggers a malware download. QR codes bypass traditional email link scanners because the destination URL is embedded in an image rather than clickable text.
What to do: Use a QR scanner that previews the destination URL before opening it. Be skeptical of any QR code in an unexpected email, especially those requesting login credentials.
● Medium Risk
SMS Text Phishing (“Smishing”)
Text messages impersonate banks, delivery services, or government agencies and contain links to fake websites. Common messages claim your bank account has been locked, a package is held for delivery, or you owe an unpaid toll. The links capture login credentials or payment information.
What to do: Do not click links in text messages from unknown numbers. Navigate directly to the official website by typing the address yourself, or call the organization using a number from their official site.
● Medium Risk
Cryptocurrency & Investment Scams
Scammers contact victims through social media, email, or dating apps with promises of guaranteed high returns on cryptocurrency or other investments. They may show fabricated profit dashboards to build trust before asking for larger deposits. Victims find they cannot withdraw funds and the platform disappears.
What to do: Be extremely skeptical of any unsolicited investment opportunity, especially those promising guaranteed returns. Research any platform independently before sending money, and never invest more than you can afford to lose entirely.
● Medium Risk
Package / Delivery Notification Scams
Emails claiming to be from UPS, FedEx, or USPS indicate a package could not be delivered and prompt you to click a link or pay a small fee to reschedule. The link installs malware or collects payment information.
What to do: Track packages by going directly to the carrier’s website and entering your tracking number. Carriers do not ask for payment via email to release a shipment.
● Medium Risk
Social Engineering & Pretexting
Attackers research their targets online and craft highly personalized scenarios to manipulate them into revealing information or taking action. They may pose as a new employee, IT staff, auditor, or vendor and use details from LinkedIn or company websites to appear credible.
What to do: Verify the identity of anyone requesting sensitive information or system access, regardless of how convincing they seem. Establish a clear internal process for verifying identity before granting access or sharing data.
● Medium Risk
Pension & Retirement Plan Scams
Scammers contact employees by email, phone, or social media offering a free review of their pension or retirement plan with promises of better returns. They collect personal information and may attempt to redirect deposits to attacker-controlled accounts. Fraudulent domains are created to mimic official government pension sites.
What to do: Contact your HR department or plan administrator directly using contact information from official company communications, not from an unsolicited message. Never provide personal or financial information to someone who contacts you first.
Report suspicious activity to the FBI Internet Crime Complaint Center (IC3).