Email Scam Watch

Last updated: May 2026

A regularly updated reference of active email and text scams targeting businesses and individuals. Bookmark this page and check back. We update it as new threats emerge.

⚠ High Risk
AI-Generated Phishing Emails
Still the top threat of 2026. Over 80% of phishing emails are now AI-generated, with a 60% higher click rate than traditionally written scams. These emails are grammatically perfect, match your organization’s tone, and can appear to come from someone you know. You can no longer use poor writing as a warning sign.
What to do: Verify any unusual request through a separate channel. Call the sender directly using a known number. Do not reply to the email or use any contact information provided within it.
⚠ High Risk
Deepfake Video & Voice Call Scams
In a widely reported case, a finance employee wired $25.6 million after joining a video call where every participant, including the CFO, was a deepfake. In 2026, AI voice and video cloning tools are accessible and inexpensive. Scammers are using them to impersonate executives, family members, and colleagues in real-time calls. Assume any unexpected video or voice request involving money or credentials could be fabricated.
What to do: Establish a verbal code word with your family and close colleagues for use in genuine emergencies. For any financial request received by phone or video, hang up and call back on a number you independently have on file. Never assume a video call is real.
⚠ High Risk
CEO / Executive Impersonation (BEC)
Emails appearing to come from your CEO or a senior executive urgently requesting a wire transfer, gift card purchase, or payment instruction change. AI is now used to mimic the exact writing style of specific executives pulled from public emails and LinkedIn posts. Business email compromise caused $2.7 billion in verified losses in 2024, with 2025 figures expected to be higher.
What to do: Never act on financial requests received only by email. Call the executive directly using a known number. Establish a two-person approval policy for all wire transfers regardless of who is asking.
⚠ High Risk
Callback Phishing (Phone-Based Fraud)
You receive an email with a fake invoice, subscription renewal, or security alert telling you to call a phone number. Phone numbers bypass email security filters entirely. Once you call, attackers use social engineering to walk you through installing remote access software or revealing credentials. This method increased 500% in late 2025 and remains one of the fastest-growing attack types in 2026.
What to do: Never call a phone number provided in an unexpected email. Look up the company’s number independently and call that instead. Legitimate companies do not send alarming invoices requiring immediate calls to resolve them.
⚠ High Risk
Vendor / Invoice Fraud
A scammer compromises a vendor’s email account or spoofs their domain and sends a fraudulent invoice or updated banking details notice. Payments are redirected without the legitimate vendor’s knowledge. Vendor email compromise attacks rose 66% in 2024, and research found that 72% of employees engaged with test vendor impersonation emails, making this among the most successful attack types.
What to do: Any change to payment instructions from a vendor must be verified by calling the vendor at a number you already have on file. Never use a number provided in the email.
⚠ High Risk
Fake Microsoft / Google Login Pages
Microsoft is the most impersonated brand in phishing attacks in 2026, followed by Google. The NJCCIC has received recent reports of active campaigns targeting Microsoft 365 accounts specifically. Emails warn of unusual account activity and link to convincing fake login pages. A compromised Microsoft 365 or Google Workspace account gives attackers access to your entire operation, including email history, contacts, and connected services.
What to do: Never click login links in emails. Type addresses directly into your browser. Enable multi-factor authentication on all accounts and choose an authenticator app or hardware token over SMS codes when possible.
⚠ High Risk
Tax & IRS Phishing (2026 Dirty Dozen)
The IRS published its 2026 Dirty Dozen list in March 2026. Top threats include emails impersonating the IRS, QuickBooks, TurboTax, and DocuSign with fake filing alerts, AI robocalls using cloned agent voices, and spear-phishing targeting tax professionals with fake client or document request emails. The IRS also flagged a new scheme involving fabricated long-term capital gains claims on Form 2439. Over 600 social media IRS impersonators were reported in fiscal year 2025.
What to do: The IRS contacts taxpayers by mail first, never by unsolicited email, text, or social media. Go directly to irs.gov to check your account status. Report suspicious IRS-related emails to phishing@irs.gov.
⚠ High Risk
Real Estate Wire Transfer Fraud
Scammers monitor real estate transaction email threads and, at a critical moment, send fraudulent wire instructions appearing to come from your agent, attorney, or title company. Funds sent to the wrong account are rarely recovered. This remains an active and consistent threat reported to the NJCCIC by New Jersey residents.
What to do: Always verify wire instructions by calling your agent, attorney, or title company at an independently sourced number before sending any funds. Be especially cautious of any last-minute changes to payment details.
⚠ High Risk
Tech Support Impersonation
A pop-up, email, or phone call claims your computer has a virus or critical security problem and instructs you to call a number or grant remote access. The caller poses as Microsoft, Apple, or another tech company. Once they have remote access, they install malware, steal data, or demand payment to fix a non-existent problem. Apple issued a specific warning in early 2026 about a surge in Apple Pay impersonation scams targeting iPhone users in the US and Europe.
What to do: Microsoft and Apple do not contact you unsolicited about computer problems. Close the pop-up immediately, hang up the call, and never grant remote access to someone who contacts you first.
⚠ High Risk
Government Impersonation & Jury Duty Scams
The FTC received over 330,000 government impersonation complaints in 2025, a 25% increase over the prior year. Scammers pose as the IRS, Social Security Administration, FBI, or courts. A resurgent version involves scammers claiming you missed jury duty and threatening arrest or fines unless you pay immediately or verify personal information. They may use spoofed phone numbers that appear to come from real agencies or courthouses.
What to do: Real courts and law enforcement do not call to threaten arrest for missed jury duty. Legitimate agencies do not demand payment by gift card, cryptocurrency, or wire transfer. Hang up and call the agency directly using a number from their official .gov website.
⚠ High Risk
Fake Job Offers & Employment Scams
With over 1.17 million U.S. layoffs in 2025, employment scams are surging in 2026. Scammers post fake positions on legitimate job boards or contact job seekers directly. Goals include collecting Social Security numbers, banking details, or upfront fees. Some fake job offers ask you to “like” or “rate” content online for pay, which the FTC has stated is against the law in the US.
What to do: Never pay any fee to obtain a job or interview. Research the company independently before providing any personal information. A legitimate employer will never ask for upfront payment.
● Medium Risk
Amazon Prime & Subscription Renewal Scams
The NJCCIC issued an alert in April 2026 about an active phishing campaign impersonating Amazon Prime renewal notices. Emails claim payment issues or billing problems and direct users to fraudulent websites mimicking Amazon’s login page to collect credentials and payment details. Similar campaigns target Netflix, Adobe, and other subscription services. The sender address is not associated with the real company despite the official-looking branding.
What to do: Do not click links in subscription renewal emails. Navigate directly to the company’s website by typing the address yourself to check your account status. Check the actual sender email address carefully for misspellings or unrelated domains.
● Medium Risk
NJ MVC & E-ZPass Text Scams
The NJCCIC continues to receive reports of SMS phishing targeting New Jersey residents in 2026. Texts impersonate the NJ Motor Vehicle Commission claiming you owe an unpaid traffic ticket, threatening license suspension, registration loss, and credit damage. Separate campaigns impersonate E-ZPass claiming unpaid tolls. URLs in these messages include terms like “ezpassnj” and “.gov” to appear legitimate but lead to credential and payment harvesting sites.
What to do: The NJ MVC only texts residents about scheduled appointments. E-ZPass does not send unsolicited payment texts. Do not click links or reply to these messages. Go directly to the official agency website to check your account. Forward suspicious texts to 7726 (SPAM).
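The URL trick described above, as an added example (not code from the NJCCIC or from this page): it resolves the host a link actually points to and flags links that carry "ezpassnj" or ".gov" wording without belonging to a known official domain. The allow-list, function names, and sample links are assumptions constructed for illustration; irs.gov is the one official domain this page names.

```python
from urllib.parse import urlsplit

# Wording the alert says scam links embed to look official.
TRUST_TOKENS = ("ezpassnj", ".gov")
# Assumed allow-list; irs.gov is the one official domain named on this page.
OFFICIAL = frozenset({"irs.gov"})

def real_host(url):
    """Return the host a browser would contact, lower-cased."""
    url = url.strip()
    if "://" not in url:          # links in texts often omit the scheme
        url = "https://" + url
    # .hostname drops any "user@" prefix and the port, so
    # "https://irs.gov@refund.example/" resolves to "refund.example".
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def assess(url, official=OFFICIAL):
    """Compare the trust wording in a link with the host it really uses."""
    host = real_host(url)
    tokens = [t for t in TRUST_TOKENS if t in url.lower()]
    known = any(host == d or host.endswith("." + d) for d in official)
    return {
        "host": host,
        "tokens_seen": tokens,
        "ends_in_gov": host.endswith(".gov"),  # .gov must be the last label
        "official": known,
        "lookalike": bool(tokens) and not known,
    }

# Constructed sample links (reserved .example names), not real indicators.
SAMPLES = [
    "https://www.irs.gov/payments",
    "ezpassnj.gov-tolls.example/pay",
    "https://irs.gov@refund.example/login",
    "https://irs.gov.refund.example/",
    "https://pay.example/ezpassnj/notice",
]

if __name__ == "__main__":
    for link in SAMPLES:
        r = assess(link)
        verdict = "LOOKALIKE" if r["lookalike"] else "ok"
        print(f"{verdict:9} host={r['host']:32} tokens={r['tokens_seen']}")
```

Only the first sample passes: in every other link the official-looking text sits in a subdomain, the userinfo part before "@", or the path, while the host itself ends in a different domain.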
● Medium Risk
FIFA World Cup 2026 Scams (Emerging)
With the FIFA World Cup running June 11 through July 19, 2026, and MetLife Stadium in East Rutherford, NJ hosting eight matches including the final, the NJCCIC has issued an advance warning. Major sporting events are consistent targets for phishing campaigns, fraudulent ticketing websites, fake merchandise stores, malicious mobile apps, and deepfake content. Hundreds of scam domains impersonating official FIFA and venue websites are expected to be registered in the weeks ahead.
What to do: Purchase tickets only through FIFA’s official website or authorized sellers. Be extremely cautious of any third-party ticketing site, especially those with recently registered domains. Verify the URL before entering payment information.
● Medium Risk
QR Code Phishing (“Quishing”)
Emails and physical materials contain QR codes directing you to fake login pages or malware downloads. Attackers now place fake QR code stickers over legitimate codes at parking meters, retail locations, and office signage. QR codes bypass email security filters because the destination URL is embedded in an image. Frequently used to impersonate Microsoft, Adobe, and DocuSign.
What to do: Use a QR scanner that previews the destination URL before opening it. Be skeptical of QR codes in unexpected emails or on physical signs, especially those requesting login credentials or payment.
● Medium Risk
Cryptocurrency & Investment Scams
Scammers use deepfake videos of celebrities and public figures to promote fake investment platforms. They contact victims through social media, email, and dating apps with promises of guaranteed returns. Crypto phishing losses reached $2.17 billion in 2025. Romance-based crypto investment scams remain one of the most prevalent fraud types of 2026, often involving months of trust-building before the request for money.
What to do: No legitimate investment guarantees profit. Be skeptical of any unsolicited investment opportunity, especially those promoted by someone you met online. Research any platform independently and never invest money you cannot afford to lose entirely.
● Medium Risk
Social Engineering & Pretexting
Attackers research targets on LinkedIn and company websites, then craft personalized scenarios to manipulate them into revealing information or granting access. They may pose as IT staff, auditors, new employees, or vendors. Third-party vendor impersonation doubled in 2025. Multi-channel attacks, where the same fake message arrives through email, text, and social media simultaneously, make these more convincing than single-channel attempts.
What to do: Verify the identity of anyone requesting sensitive information or system access, regardless of how convincing they seem. Establish a clear internal process for verification before granting access or sharing data. A second opinion from a colleague can stop a bad decision quickly.
● Medium Risk
Pension & Retirement Plan Scams
Scammers contact employees by email, phone, or social media offering a free review of their retirement savings with promises of better returns. They collect personal information and attempt to redirect deposits to their accounts. Fraudulent domains have been created to mimic official state pension websites, including those for New Jersey state employees.
What to do: Contact your HR department or plan administrator directly using contact information from official company communications, not from any unsolicited message. Never provide personal or financial information to someone who reaches out to you first.