NJOHSP Accepting Summer Internship Applications; NJCCIC: Be Wary of QR Code Fatigue; 'X' Reportedly Provides Terrorists Premium Accounts in Violation of US Sanctions

The New Jersey Office of Homeland Security and Preparedness is currently accepting applications for its 2024 paid, in-person summer internship program, which runs from June 10 through Aug. 2. The internships are offered within one of NJOHSP’s four mission areas: Counterterrorism, Preparedness, Cybersecurity and Administration. Students must be enrolled full time in an accredited college, university or postgraduate program to be eligible and are welcome to apply regardless of whether they are seeking college credits. The application window closes March 4. Applicants have the flexibility to provide their availability during a Monday through Friday, 8 a.m. to 5 p.m. schedule in the agency’s Hamilton Township, West Trenton or Newark locations. Summer interns may work a maximum of 35 hours per week. The internship program, also offered during the fall and spring semesters, helps interns develop and apply their educational training to a real-world setting as they explore various NJOHSP career paths. Under the guidance of a supervisor or mentor, interns work on ongoing projects, participate in field excursions, attend meetings and presentations, have access to online professional training courses and learn firsthand about NJOHSP partnerships with local, State and federal agencies. The program concludes with a capstone presentation in which each intern focuses on one or two main projects and presents their work to NJOHSP leadership.

Reports of QR code phishing or quishing attacks have recently increased as threat actors are taking advantage of the increased adoption of QR codes for menus, check-in systems, wireless payments and more. Threat actors use malicious QR codes in several attack vectors, including parking meters, as part of government impersonation and romance scams and in Human Resource phishing attempts. Due to their minimal text and hidden URLs, quishing attacks have a higher chance of bypassing spam filters in legacy email security systems. Abnormal Security, an email security platform, reported that 89.3 percent of detected quishing attacks are designed to harvest credentials, with over a quarter disguised as fraudulent multifactor authorization requests. The New Jersey Cybersecurity and Communications Integration Cell advises users to refrain from scanning QR codes without first verifying the code's legitimacy and to follow the recommendations in the Better Business Bureau report. The report details ways to avoid falling victim to a QR code scam, including looking for signs of QR code tampering and reviewing the code's associated URL before navigating to the website. For more information, visit the NJCCIC website.

In a Feb. 14-released report, a watchdog organization claimed that the social media platform, X, formerly known as Twitter, granted blue account verification checkmarks to designated terrorist groups’ accounts. In exchange for payment, X reportedly permitted a Lebanon-based Hizballah leader, the Houthis and Iranian and Russian-based media to pay for blue checkmarks, which critics say is in direct violation of U.S. sanctions. Author of the report, the Tech Transparency Project, is a nonprofit, non-partisan-funded information hub for journalists, academics and policymakers. The TTP conducted an investigation into the social media giant providing $8 monthly premium services to those aforementioned accounts seeking the coveted blue check mark. Currently, these verification badges allow recipients higher character counts per post and help to promote users’ posts to a broader audience. According to media outlets, X touted its “robust” security after removing some of the questionable blue check marks following the release of the TTP report. X owner and tech mogul, Elon Musk, came under fire when he initially began charging for the blue check mark, which the platform previously provided at no cost solely to verify a user’s identification. At the time, pundits alleged that the move would help to legitimize disinformation campaigns and open the platform to impersonators. “The U.S. imposes sanctions on individuals, groups and countries deemed to be a threat to national security,” the TTP report states. “Elon Musk’s X appears to be selling premium service to some of them.”