While the series is taking a short break, phishing scams don’t take the summer off. You can still stay up to date with cybersecurity tips, scam alerts, and helpful reminders from the Information Security team through:

• The IT Newsletter, delivered every Tuesday

• Our , where we post quick security tips and updates

Before You Click: A Phish Files Checklist

While Phish Files is on hiatus, phishing attempts will still be circulating. Keep these reminders in mind to help protect your account and the campus community:

1. Report suspicious emails
Use the Phish Alert Button (PAB) whenever something looks suspicious. Reporting helps the Information Security team investigate and remove threats from other inboxes across campus.

2. IT will not text you
Unexpected text messages claiming to be from IT asking you to verify your account or approve a login are a common scam tactic.

3. Never share your password or Duo codes
Montclair will never ask for your password, Duo authentication code, or login approval.

4. Be cautious with forms asking for personal information
Phishing emails often include forms requesting login details, financial information, or other personal data. Do not submit sensitive information through unsolicited links or forms.

5. Verify unusual requests
If an email appears to come from a campus department, coworker, or professor but seems unusual, contact them directly using known campus contact information rather than replying to the message.

6. Check links before clicking
Hover your mouse over links to preview the destination. If something looks unfamiliar or suspicious, go directly to the official website instead of clicking the email link.

7. Watch for urgency or pressure
Phishing messages often claim your account will be locked or that you must act immediately. Take a moment to pause and verify before responding.

8. Be cautious with unexpected attachments or shared documents
Even if a message appears to come from someone you know, confirm with them before opening unexpected files or document shares.

9. Look closely at the ����Ի���’s email address
Attackers often use addresses that look similar to legitimate university accounts but contain small differences.

10. Be cautious of unexpected job offers
Scammers frequently target students with fake job opportunities sent through email. Legitimate student job postings and opportunities from the university are shared through Handshake, not unsolicited emails.

Staying alert and reporting suspicious messages helps protect not just your account, but the entire Montclair community.

The Phish Files will return in Fall 2026 with more real examples and tips to help you spot phishing attempts before they cause harm. In the meantime, keep reporting those suspicious emails—we appreciate your help in keeping our campus safe.

• Stronger combinations: No more “Rocky123.”

• No repeats: Each account deserves its own unique password.

• Privacy protection: No sharing with roommates, coworkers, or classmates.

• Safe storage: Avoid sticky notes, public forms, or shared spreadsheets.

The National Keys Union (N.K.U.) claims: “We’ve been overworked and underappreciated for years. Until users give us proper respect, we’re refusing to log anyone in!”

While this strike is purely fictional, it’s a great reminder that strong, private passwords are essential for everyone on campus — students, faculty, and staff alike. Weak, shared, or poorly stored passwords can put your email, classwork, research, or sensitive campus data at risk.

Educational Takeaways:

1. Use strong, unique passwords: Combine letters, numbers, and symbols.

2. Try using a passcode instead: ����dz���⾱���ٳ���ǴDZ������77!

3. Never share your passwords: Even with friends or colleagues.

4. Avoid unsafe storage: Never post passwords in public documents or forms.

5. Enable multi-factor authentication (MFA) everywhere: It adds an extra layer of protection.

6. Update passwords regularly: Especially for sensitive personal accounts.

7. Use a password manager: To keep all your credentials secure and easy to manage.

Don’t worry, the strike is over… for now. But your passwords are still watching, and they appreciate a little respect.

Want to Learn More

����vlog | Secure Password Worksheet (For Personal Use)

Security.org |

CISA |

CISA (Video) |

Apple |

Google Android |

These scams often impersonate university offices such as the Registrar, Financial Aid, IT, or Academic Advising. Taking a moment to pause before clicking can help protect your account and personal information.

Why Registration Season Is Targeted

Attackers rely on timing. When people expect important emails about schedules, holds, or account access, they are more likely to click quickly without double-checking.

Common scam messages during registration include:

• Claims that there is a problem with your registration

• Alerts saying your account will be locked

• Requests to confirm your student record

• Links to “�ھ���” a registration hold

• Messages about tuition payment issues

These emails may include university logos or familiar language to appear legitimate.

Common Red Flags

Even convincing phishing emails usually contain warning signs. Watch for:

• Urgent language (“Act now or your registration will be �����Գ���������”)

• Requests for passwords or verification codes

• Links to unfamiliar websites

• Emails from external or unusual addresses

• Poor grammar or formatting

If a message feels rushed or alarming, �ٳ󲹳�’s often intentional.

Protect Your Account During Registration

A few simple habits can help keep your account secure:

• Access registration systems through official Montclair websites or bookmarks

• Avoid clicking links in emails asking you to “�ھ���” account problems

• Use Duo Push through the Duo Mobile app to approve login requests

• Never share your NetID password or Duo verification codes

• Report suspicious emails using the Phish Alert Button (PAB)

A Reminder for Faculty and Staff

Faculty and staff may also receive phishing messages related to registration, advising, or student records. Attackers sometimes impersonate students or university offices in an attempt to access sensitive systems or information.

Be cautious of emails requesting:

• Registration overrides or enrollment changes

• Student record updates

• Account verification

• Urgent requests that bypass normal processes

If a request seems unusual, verify it through official university channels before taking action.

Example: A Common Registration Scam

A faculty member receives an email that appears to come from a student asking for help registering for a required course. The message may request a quick registration override or ask the professor to review an attached form.

In some cases, these emails come from compromised student accounts, which can make them appear legitimate.

However, the message may include:

• A link to a fake login page

• An attachment designed to steal credentials

• A request to bypass normal procedures

Before responding, verify the request through official university systems or by contacting the student directly.

When in Doubt, Go Directly to the Source

If you receive a message about registration, holds, or your account, go directly to the official Montclair website or contact the office through the campus directory rather than using links in the email.

Want to Know More?

����vlog | Registration

����vlog | Registration: Seamless Login & Waiting Room Feature

����vlog | Red Hawk Central

����vlog | 

����vlog | How to Guides

Understanding how these attacks work helps you stay protected.

Types of Shared Documents

You might encounter:

• Google Docs, Sheets, Slides – real-time collaboration

• Microsoft Office files – Word, Excel, PowerPoint

• PDFs – reports, notices, or official forms

• Other cloud files – Dropbox, Box, or university platforms

Tip: All formats can be exploited. Knowing what you’re opening is the first step to staying safe.

Watch for These Risks

• Check who the document is coming from: Even if the ����Ի���’s name looks familiar, always verify the email address. Phishers often use external accounts that mimic internal ones.

• Unexpected shares: A file you weren’t expecting can be a trap.

• Urgent language or instructions: “Act Now” or “Verify Immediately” is a common tactic.

• Malicious links or credential-stealing forms: Some documents include links or attachments asking for your Montclair email and password. Providing credentials this way gives attackers full access to your account.

• Fake collaboration invites: Invitations from unfamiliar emails or vague messages can be malicious.

• Permission abuse: Some requests ask for broad access to files or accounts—only approve trusted apps.

Example: A faculty member received a “Total Rewards Compensation – ����vlog.pdf” Google Doc from an external-looking email. The link led to a credential request. Verifying the sender with IT prevented account compromise.

Stay Safe and Collaborate Smart

• Verify first: Contact the sender via a trusted method before opening unexpected files.

• Use official platforms: Google Workspace, Microsoft 365, and university portals are safer.

• Limit and organize access: Share with only those who need it, set view-only when possible, and use clear file names.

• Track versions and add context: Include notes explaining the file’s purpose.

• Review permissions regularly: Remove unknown collaborators or unneeded apps.

Example: A staff member shared a draft exam, noted “working draft, not final,” and set view-only access—avoiding accidental edits or leaks.

If You Think You’ve Interacted With a Malicious Document

1. Change your password immediately.

2. Check Duo for any unauthorized codes requests.

3. Use the Phish Alert Button to report it directly to Information Security.

4. Review your shared documents and remove unknown collaborators or apps.

Quick action protects both your account and the campus community.

Final Thoughts

Shared documents are powerful tools for learning, research, and daily operations. By staying alert to suspicious links, unexpected invites, and unusual permissions—and reviewing access regularly—you can collaborate safely.

Cybersecurity is a shared responsibility, and small, careful actions make a big difference.

For More Information

National Cybersecurity Alliance |

Medium |

Google |

On a busy campus, it’s easy to overlook small warning signs — a strange email, an unexpected document share, or a quick login request. Attackers design their scams around those exact moments.

Understanding what attackers hope you will ignore can help you recognize threats before they become serious problems.

Small Red Flags That Are Easy to Dismiss

Attackers depend on users overlooking details that feel minor or harmless. These warning signs are often subtle but important.

Slightly Unusual Email Addresses

Attackers frequently create email addresses that look very close to legitimate ones. At first glance, they may appear trustworthy, but a closer look may reveal small changes in spelling, extra characters, or unfamiliar domains.

Example:

smithj1@gmail.com

Tip:
Always double-check the ����Ի���’s full email address — not just the display name.

Unexpected Links or Attachments

You might receive messages asking you to review a document, confirm your account, or respond to an urgent request. These messages often include links that lead to fake login pages or malicious downloads.

Attackers count on you clicking quickly without verifying the source.

Example:

Unexpected Link

Tip:
Pause before clicking links, especially if the message creates urgency or pressure.

Surprise Collaboration Invites

Shared documents and collaboration tools are essential for campus work and coursework. Because they are so common, attackers use fake document invites to gain trust.

If you receive a shared document you were not expecting, attackers hope you will assume it is legitimate and open it immediately.

Example:

Surprise Collaboration

Tip:
If you weren’t expecting the document, confirm with the sender using a trusted contact method before opening it.

Form Filling Requests (Including Passwords, Duo Codes, etc.)

Attackers often create fake forms or webpages that look like legitimate university or company login pages. They may ask you to enter your password, Duo code, or other sensitive information. These pages can appear convincing but are designed to steal your credentials.

Example:
A form asking you to “verify your account” by entering your NetID password and current Duo code.

YOUR ACCOUNT MAY BE SUSPENDED

Tip:
Never enter your password, Duo code, or MFA approval into a form sent through email or text. The university will never ask for your password or Duo code through a link.

Unexpected or Urgent Text Messages

Scammers use text messages (smishing) to create a sense of urgency. These messages may claim there’s an issue with your account, a package delivery, payroll, or financial aid to pressure you into clicking a link quickly.

Example:
“Your account will be suspended today. Click here to verify immediately.”

Your Account Deactivation

Tip:
Pause before clicking. Do not use links in unexpected text messages. Instead, go directly to the official website or contact the organization through a trusted number.

Requests for Alternative Contact Methods

Attackers often try to move conversations away from official university email accounts to personal email, text messaging, WhatsApp, or other platforms where monitoring and security protections are limited.

Example:
“Please reply to my personal email” or “Text me at this number to complete the process.”

New Week Staff & Faculty School Notice !!!

Tip:
Be cautious if someone asks to switch to a different contact method, especially when discussing payments, credentials, or sensitive information. When in doubt, verify through official university contact information.

The Pressure to Act Quickly

Many cyber scams create a sense of urgency. Messages might claim:

• Your account will be suspended

• You must verify information immediately

• You are missing important academic or administrative updates

• A payment or financial issue needs urgent attention

Attackers rely on emotional reactions to override caution.

Tip:
Legitimate university offices rarely require immediate action without providing multiple ways to verify requests. Taking a moment to pause can prevent major security issues.

Overlooking Permission Requests

Sometimes attackers do not ask for passwords directly. Instead, they ask users to approve app or document permissions that grant access to files, email, or cloud storage.

These requests can appear routine, which makes them easy to approve without review.

Tip:
Only grant permissions to applications and tools you recognize and actively use. If a permission request seems excessive or unrelated, do not approve it.

Ignoring Who Has Access to Your Files

Over time, shared documents may accumulate collaborators, public links, or outdated permissions. Attackers sometimes exploit files that remain widely shared or publicly accessible.

Tip:
Regularly review your document sharing settings and remove access that is no longer necessary.

What To Do If You Think You Missed a Warning Sign

If you clicked a suspicious link, shared credentials, approved unexpected permissions, or opened a questionable attachment, acting quickly can reduce potential damage.

Take These Steps Right Away:

• Change your

• Only accept Duo MFA requests you know are you

• Never provide your password and Duo MFA codes to anyone

• Review recent account activity and shared file permissions

• Report the incident via the Knowbe4 PAB hook

Reporting suspicious activity helps protect not only your account but also others in the campus community.

Staying One Step Ahead

Cybersecurity threats continue to evolve, but most attacks still rely on human behavior. Attackers count on users being rushed, trusting, or overlooking small details.

Taking a few extra seconds to verify messages, review permissions, and question unexpected requests can make a significant difference.

Awareness is one of the strongest defenses we have — and staying alert helps keep our entire campus community safer.

For More Information

BitLyft |

FTC |

Check Point |

ProofPoint |

Ironscales |

What the [External] Tag Means

When you see [EXTERNAL] in an email subject line, it means the message came from outside the Montclair network.

• It doesn’t automatically mean the email is unsafe. (It could be from your mom!)
• The tag is applied to all external emails and doesn’t affect delivery.
• Think of it as a visual reminder: pause and double-check before clicking links, opening attachments, or sharing sensitive information.

External email tags help users:

• Spot messages that may need extra examination
• Recognize phishing or impersonation attempts more easily
• Build safer email habits without blocking legitimate messages

Practical Tips for Handling [External] Emails

• Stop and verify if the email claims to be from an internal office (HR, IT, Career Services) but is marked [External]
• Always check the ����Ի���’s email address. Official Montclair messages typically come from our university domain, but some legitimate communications from partners or affiliated services may come from other addresses. (e.g. Canvas)
• Watch for mismatched details: display name, signature, and reply-to address should all align
• Be cautious with urgent requests or unexpected links/attachments

Remember: Use the [EXTERNAL] tag as a cue to think before you click, and report anything suspicious using the Phish Alert Button (PAB).

Frequently Asked Questions (FAQ)

What is External Email Tagging?

Starting on March 16th, the Office of IT will automatically add [EXTERNAL] to the subject line of messages sent from outside the university. It’s intended to be a visual reminder that the message originated beyond our email domain.

Why is Montclair implementing this?

Email is one of the main ways cybercriminals target higher education organizations. To help protect our campus community, Montclair will now add [EXTERNAL] to the subject line of emails sent from outside the university. 

This tag helps faculty, staff and students:

• Quickly recognize messages from external senders
• Pause before clicking links or opening attachments
• Reduce the risk of phishing, fraud, and impersonation scams

External tagging also protects sensitive university and personal data. Higher education institutions frequently face threats such as:

• Payroll scams
• Fake account deactivation messages
• Job offer and financial scams
• Research data theft

By providing a simple visual reminder, the [EXTERNAL] tag adds a powerful layer of awareness to protect  the organization  and your personal information.

What will it look like?

If an email comes from a non-@montclair.edu email address, you’ll see [EXTERNAL] added at the beginning of the subject line.

Example: [EXTERNAL] Updated Payroll Information

Are all outside emails dangerous?

No. Many legitimate emails come from external partners, vendors, parents, and prospective students. The tag simply distinguishes from emails that originate outside of the university, i.e., emails that are not sent from an @montclair.edu address.

The tag is a reminder to use caution, especially if the message:

• Creates urgency
• Asks for passwords or MFA approvals
• Requests payment, gift cards, or wire transfers
• Includes unexpected attachments or links

Why don’t internal emails have the tag?

Messages sent between Montclair email accounts remain untagged because they originate within our environment.

NOTE: If an internal account is compromised, attackers may send messages that look legitimate. Always stay alert for unusual requests even from colleagues.

What should I do if an external email looks suspicious?

• Do not click links or download attachments
• Do not reply with sensitive information
• Report the message using the Knowbe4 Phish Alert Button

If you already provided your personal information, please reset your password as quickly as possible. 

Can the tag be removed?

The tag cannot be removed from individual messages. It is automatically applied to protect the entire campus community.

Where can I learn more about email and phishing safety?

����vlog | Phish Files

����vlog | Information Security

Cybersecurity & Infrastructure Security Agency (CISA) |

Federal Trade Commission (FTC) |

Federal Bureau of Investigation (FBI) |

That’s why is so important — it’s a reminder that protecting your money and identity is everyone’s responsibility.

What is National Consumer Protection Week?

is a nationwide effort to help people make informed financial decisions, avoid scams, and protect personal information. While it’s recognized across the country, it’s especially relevant for our campus community.

Students, faculty, staff, and parents all handle money, accounts, and personal data every day — from tuition payments and student loans to payroll, banking, and online purchases. Being aware of consumer protection principles not only helps you avoid scams on campus, but also keeps your personal life and finances safer.

Why Scams Work

Scammers rely on psychology more than technology:

• Urgency & fear – Messages pressure recipients to act quickly.

• Authority & trust – They appear to come from official offices, professors, or even family members.

• Appeal to benefit – Offers like “loan forgiveness” or “exclusive campus jobs” make recipients act without verifying.

Understanding these tactics helps you pause, think critically, and avoid becoming a victim.

Students: What to Watch For

• Financial aid & student loan scams – Offers of loan forgiveness or “payment relief” for a fee.

• Fake job opportunities – Remote campus jobs or internships asking for upfront payments or banking information.

• Tuition and housing payment fraud – Verify all payment instructions via official Montclair portals, never email links.

• Subscription or trial traps – Free apps or software that convert to expensive recurring charges.

Tip: Always confirm requests through official Montclair systems and never share passwords or multi-factor authentication codes.

Faculty & Staff: Protect Your Payroll & Office Information

• Payroll diversion scams – Emails impersonating colleagues requesting direct deposit changes.

• Procurement fraud – Vendors suddenly asking for urgent banking updates.

• Tax & W-2 phishing – Scammers posing as HR or payroll offices requesting sensitive documents.

Tip: Independently verify any unusual requests by contacting colleagues or offices directly using official contact information.

Parents & Families: Stay Alert

Parents supporting students are also targeted with:

• Fake tuition balance or loan “restructuring” emails

• Emergency scam calls claiming their student is in trouble

• Tax identity theft scams

Tip: Always confirm requests directly with the university and encourage students to report suspicious messages.

Protect Yourself — Actionable Steps

1. Verify before you click – Hover over links and check the ����Ի���’s address.

2. Use official channels – Log in to Montclair systems directly rather than through email links.

3. Enable multi-factor authentication (MFA) – Our campus uses Duo MFA for all student, faculty, and staff accounts. MFA adds an extra layer of protection even if your password is compromised. You can and should also enable MFA on your personal accounts — email, banking, and social media — for the same protection.

4. Monitor financial accounts – Regularly review bank, credit, and student account statements.

5. Educate yourself and your family – Discuss common scams and what to do if something seems suspicious.

Trusted Consumer Protection Resources

Want to Know More?

FTC | (Webinar on March 3, 2026 at 2:00 P.M.)

FTC |

FTC |

FTC |

Whether you’re a student filing taxes for the first time, a faculty or staff member managing deductions, or helping a family member prepare their return, understanding tax-related scams can help protect your identity, finances, and university accounts.

Common Tax Season Scams to Watch For

Phishing Emails and Fake Messages

Scammers often send emails or text messages pretending to be from the IRS, tax software companies, or financial institutions. These messages may:

• Claim there is an issue with your tax return

• Promise unexpected refunds or stimulus payments

• Ask you to verify personal or financial information

• Contain links to fake websites designed to steal your login credentials

IRS Impersonation Calls

Some scammers pose as IRS agents and use threatening or urgent language, claiming you owe money and must pay immediately or face legal action.

They may demand payment through:

• Gift cards

• Wire transfers

• Cryptocurrency

• Payment apps

Fake Tax Preparation Services

Criminals may create websites or social media advertisements offering fast or low-cost tax filing services. These services may collect your personal information and disappear or use your identity to file fraudulent tax returns.

How the IRS Actually Contacts You

Understanding how the IRS communicates can help you quickly identify scams.

The IRS WILL:

• Usually contact you first through official letters sent by U.S. mail

• Provide time to respond or appeal

• Direct you to verified resources on IRS.gov

The IRS WILL NOT:

• Contact you through social media, text messages, or email requesting personal information

• Call demanding immediate payment or threatening arrest

• Request payment using gift cards, cryptocurrency, or wire transfers

• Ask for passwords or account login information

If you receive a suspicious message claiming to be from the IRS, it is safest to verify it independently before taking action.

Check Links Carefully

Scammers often create fake websites and forms that look like trusted tax services, banks, or even university login pages. Their goal is to steal usernames, passwords, Social Security numbers, and banking information.

Once attackers have your credentials, they may try to access your accounts and send repeated Duo or multi-factor authentication (MFA) requests hoping you’ll approve one. This tactic is known as MFA fatigue or push bombing.

Watch for Red Flags

• Unexpected messages with login links

• Slightly misspelled or unusual website addresses

• Urgent messages claiming account or refund issues

• Login pages requesting extra or unusual information

Protect Yourself

• Type official website addresses directly into your browser

• Double-check URLs before logging in (Use the Hover Over Method!)

• Never approve Duo or MFA requests you didn’t initiate

• Report repeated MFA prompts or suspicious login pages

Remember: Approving an MFA request is the same as unlocking your account.

What You Should and Should NOT Share

Safe to Share (When Using Trusted Services)

• Tax documents with reputable tax professionals or verified tax software

• Financial information submitted through secure and official platforms

• Employer tax forms received through official university or employer systems

Never Share

• Social Security numbers through email, text messages, or unsolicited phone calls

• Tax account usernames or passwords

• Full banking or payment details with unknown individuals or services

• Photos of tax forms or financial records on social media

Tips to Stay Secure During Tax Season

• File taxes early to reduce the chance of someone filing fraudulently using your identity
• Use strong, unique passwords and enable multi-factor authentication
• Verify website addresses before entering sensitive information
• Be cautious with unexpected tax-related messages or urgent requests
• Store tax documents securely and shred paper copies when no longer needed
• Report suspicious emails, links, or login requests using university phishing reporting tools

Cybersecurity Is a Shared Responsibility

Tax season can already be stressful. Taking a few extra moments to verify communications and protect your personal information can help prevent identity theft and financial loss.

If you are unsure whether a tax-related message is legitimate, pause, verify, and report it. When it comes to protecting your information, it is always better to be cautious.

Want to Learn More?

The Associated Press |

IRS |

Official IRS Resources

Where to Report Scams

State Tax Authority

If your state has a tax department (like a Department of Revenue), they also host scam alerts and reporting tools.

Artificial intelligence (AI) tools are becoming part of everyday learning and work on campus. To use them responsibly, it helps to focus on three big questions:

• What should I watch for?
• How should I use AI responsibly?
• Why does the university care?

What to Watch Out For

Data privacy risk

Anything you paste into an AI tool may be stored or reused by the vendor.

• Student records, grades, and HR information may be protected by law or contract.
• Free consumer tools often lack strong privacy guarantees.

Security risks

AI tools and add-ons can expand the attack surface.

• Fake or malicious AI tools may be used for phishing.
• Browser extensions can expose accounts or data.

Bias and errors

AI can sound confident and still be wrong.

• Outputs may reflect bias or miss context.
• Facts, sources, and calculations should always be verified

Tip: If the data is sensitive or the outcome is high-stakes, pause before using AI.

How to Use AI Responsibly

AI works best as a support too, not as a decision-maker.

Good uses include:

• Brainstorming ideas or outlines
• Drafting content you will review and edit
• Summarizing public or non-sensitive information
• Studying concepts or improving clarity and tone

Remember:

• Follow course, department, and university guidance on AI use
• Don’t submit AI-generated work as your own
• Be transparent about AI use
• Apply human judgement before sharing an AI output

Tip: AI can help you think but shouldn’t think for you.

Why the University Cares

Trust and reputation

Irresponsible AI use can damage trust with students, employees, partners, and the public.

Strategic value

Without coordination, it’s hard to know whether AI tools are improving learning, operations or just adding risk.

The goal isn’t to block innovation, but to ensure AI supports teaching, learning, and work without compromising privacy, security, or integrity.

Want to Know More?

Forbes |

Inside Higher Ed |

GovTech |

Insider Higher Ed |

As Valentine’s Day rolls around, many people are looking for love — but so are scammers. Romance scams are on the rise, and college students and staff are not immune. These scams can leave victims not just heartbroken, but also out hundreds or even thousands of dollars.

How Romance Scams Work

Scammers usually start with a message on:

• A dating app (like Tinder, Hinge, Bumble)

• Social media (Instagram, Facebook, Snapchat)

• Or even through DMs on gaming or study platforms

They’ll build a connection fast — complimenting you, sharing personal stories, and talking about a “future” together. But there’s a catch: you’ll never meet them in person. Eventually, they’ll ask for something.

Common red flags:

• They say they’re deployed, overseas, or traveling and can’t meet

• They claim to have an emergency (hospital bill, visa issue, stolen wallet)

• They ask for gift cards, crypto, wire transfers, or Zelle payments

• They want to move the conversation off-platform quickly

• They love you… after just a few messages

How to Protect Yourself

1. Take It Slow
   Real relationships take time. Be wary of anyone who moves fast emotionally or financially.

2. Verify Before You Trust
   Reverse image search their profile pics. Video chat before you get too invested.

3. Never Send Money or Gifts
   No matter how sad the story is — if you haven’t met them in person, don’t send funds.

4. Be Skeptical of Secrecy
   Scammers often say “don’t tell anyone” — �ٳ󲹳�’s a major red flag.

5. Trust Your Instincts
   If it feels off, it probably is. Talk to a friend, family member, or coworker before making decisions.

Already Shared Something? You’re Not Alone.

If you think you’ve been targeted by a romance scam:

• Stop contact immediately

• Don’t send more money (even if they threaten you)

• Report it to your bank and to the platform

Real Love Isn’t a Secret or a Scam

Whether you’re swiping right or just sharing memes with a new crush, make sure your heart — and your data — are protected.

This Valentine’s Day, stay safe, stay smart, and don’t let a scammer steal your heart or your bank account.

Want to Learn More?

FBI |

Federal Trade Commission |

U.S. Secret Service |

OmniWatch |