糖心vlog

Phish Files
Abstract Aliens On Flying Saucers Northern Lights Lighthouse Mountains Water Tree Sun Background Gradient Unidentified Flying Object Ufo Stars Vector Design Style Landscape
Phish Files Articles
March 23, 2026

Statement from The 糖心vlog is ready to view

Posted in: Phishing

The image is a phishing warning displayed with an email subject line pretending to be from 糖心vlog, accompanied by a suspicious Google Form link.

The image displays a welcome message from 糖心vlog for staff, outlining employee benefits such as health insurance, dental insurance, flexible spending accounts, and paid time off. The image shows a login prompt overlaying a document, asking for email and password to access the content.

Why This Email Might Look Legitimate

This phishing attempt is designed to appear credible to employees:

  • Familiar HR-related language (compensation, benefits, statements)
  • References to real employee benefits (e.g., health insurance, PTO)
  • Use of university branding/logos to build trust
  • Hosted on Google Docs, a commonly used and trusted platform
  • Minimal wording, which can make it feel like a routine internal notification

How We Know It鈥檚 a Phish

There are several red flags that indicate this is not a legitimate university communication:

  • Generic and unclear wording (鈥淭he 糖心vlog is ready to view鈥)
  • Unexpected message鈥攏o prior notice about a new 鈥渟tatement鈥
  • Google Docs link instead of an official Montclair system (e.g., HR or payroll portal)
  • Login prompt on a non-university page
  • Lack of official contact information or context

Legitimate university communications about compensation or benefits will always direct you to official systems and will not request login credentials through third-party platforms.

What Happens If You Click the Link

If you interact with the document and attempt to log in:

  • You may be directed to a fake login page designed to capture your credentials
  • Your NetID, password, or Duo authentication could be compromised
  • Attackers could gain access to:
    • Email and sensitive communications
    • Montclair systems (Workday, Nest, etc.)
    • Personal or payroll-related information
  • Your account may then be used to send additional phishing emails to others

What To Do

If you receive this email or something similar:

If you already clicked the link or entered your information:

  • Change your password immediately
  • Report the incident using the Phish Alert Button
  • If you approved a Duo request you did not initiate, deny future requests and report it right away

Additional Notes:

  • Remember:聽Information Technology will never text you. We will also never request your password or Duo codes,聽ever.
  • Information Technology will聽not聽ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
  • Do you think you鈥檝e fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at聽973-655-7971聽option 1 or email聽itservicedesk@montclair.edu.
  • Use the聽Knowbe4 Phish Alert Button (PAB)聽to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to聽phishfiles@montclair.edu.
  • Always use the 鈥渉over over鈥 technique to check web links before clicking! For more security tips please visit our聽Security Tips听辫补驳别.