Why This Looks Real

This phishing email is especially convincing because it mimics real HR processes:

• Relevant timing
  Mentions of evaluation deadlines (like March 26th) align with real performance review cycles.
• Familiar system references
  The message references evaluation steps that resemble workflows in Workday.
• Personalization
  Includes your name to make the email feel legitimate.
• Professional tone
  Uses structured language like “Submitted to Reviewer” and “Submitted for Approval.”
• HR-style formatting
  Appears to come from an “HR Admin” with an official-looking notification format.

Why This Is Fake

Despite looking legitimate, there are clear warning signs:

• External sender
  The email comes from outside the university, even though HR communications should come from internal systems.
• Generic sender name
  “HR Admin” is vague and not tied to a real university contact.
• Malicious link behavior
  The “View Review” link leads to:
  • A fake CAPTCHA page
  • Followed by a spoofed login page designed to steal your credentials
• Unexpected request
  Legitimate performance reviews are accessed directly through Workday—not through email links.
• No direct link to official system
  The URL does not match your institution’s Workday domain.

What You Should Do

If you receive this message:

• Do NOT click the link
• Do NOT enter your login credentials
• Report it immediately using the Phish Alert Button (PAB)

If you already clicked or entered your information:

• Change your password immediately
• Report it via the PAB
• Monitor your account for unusual activity

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

• Immediate Action Needed: Account Verification Required
• [Action Required] School Email & Financial Aid Access at Risk

We’re seeing phishing emails sent to students that claim your account is at risk if you don’t complete a verification process. These messages are designed to create panic and trick you into clicking a malicious link.

Why This Looks Real

Cybercriminals are getting more convincing. This email uses:

• Urgency and pressure
  Phrases like “final notice” and a 24-hour deadline push you to act fast.
• Important account threats
  Mentions of losing access to email and financial aid make it feel serious.
• Official-sounding language
  Terms like “in accordance with university policy” make it seem legitimate.
• Familiar departments
  References to offices like Student Financial Services add credibility.

Why This Is Fake

Look closer and you’ll spot the red flags:

• Generic greeting
  “Dear Student” instead of your name.
• Suspicious link
  The “Student Account Verification Form” is not a trusted university link.
• Threatening consequences
  Immediate restrictions or deactivation within 24 hours is a common scare tactic.
• Unusual request
  Legitimate university offices will not ask you to verify sensitive information through unsolicited email links.
• Discourages follow-up
  Claims the account is “send-only” and not monitored.

What You Should Do

If you receive this email:

• Do NOT click the link
• Do NOT enter your login information
• Report it immediately using the Phish Alert Button (PAB)

If you already interacted with it:

• Change your password immediately
• Report it via the PAB

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

Why This Email Might Look Legitimate

This phishing attempt is designed to appear credible to employees:

• Familiar HR-related language (compensation, benefits, statements)
• References to real employee benefits (e.g., health insurance, PTO)
• Use of university branding/logos to build trust
• Hosted on Google Docs, a commonly used and trusted platform
• Minimal wording, which can make it feel like a routine internal notification

How We Know ����’s a Phish

There are several red flags that indicate this is not a legitimate university communication:

• Generic and unclear wording (“The ����vlog is ready to view”)
• Unexpected message—no prior notice about a new “statement”
• Google Docs link instead of an official Montclair system (e.g., HR or payroll portal)
• Login prompt on a non-university page
• Lack of official contact information or context

Legitimate university communications about compensation or benefits will always direct you to official systems and will not request login credentials through third-party platforms.

What Happens If You Click the Link

If you interact with the document and attempt to log in:

• You may be directed to a fake login page designed to capture your credentials
• Your NetID, password, or Duo authentication could be compromised
• Attackers could gain access to:
  • Email and sensitive communications
  • Montclair systems (Workday, Nest, etc.)
  • Personal or payroll-related information
• Your account may then be used to send additional phishing emails to others

What To Do

If you receive this email or something similar:

• Do not click the link
• Report the email using the Phish Alert Button (PAB)

If you already clicked the link or entered your information:

• Change your password immediately
• Report the incident using the Phish Alert Button
• If you approved a Duo request you did not initiate, deny future requests and report it right away

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

What This Email Looks Like

• Sender Name: “MONTCLAIR Career Advising” (external sender)
• Subject Line Examples: “Submission: Remote Personal Assistant Application”
• Email Body: Blank or minimal content
• Attachment: Montclair_Part_Time_Opportunities.dot (Microsoft Word file)

The attachment claims to offer a flexible, high-paying remote job and encourages recipients to apply quickly.

Why This Email Might Look Legitimate

• Uses the university name and branding language
• Appears to come from a career advising office
• Promotes a flexible, work-from-home job, which is common for students
• Lists realistic-sounding responsibilities and qualifications
• Includes a professional-looking format inside the document

These details are designed to lower your guard and make the opportunity seem credible.

How We Know ����’s a Phish

• External sender: The email is not coming from an official Montclair account
• Blank email body: Legitimate departments don’t send empty messages with only attachments
• Suspicious attachment (.dot file): This is a Word template file type often used to deliver malware
• Too-good-to-be-true pay: $600/week for minimal hours is a common scam tactic
• Requests off-platform communication: Asking you to email a resume to an external address
• “Use an alternate email address”: A major red flag—legitimate employers do not require this
• Dead or suspicious links: The “Click Here to Apply” link does not lead to a valid university page

What Happens If You Click the Link or Open the Attachment

• Malware could be installed on your device through the Word file
• You may be prompted to enable macros, which can give attackers control of your system
• Your personal information (resume, contact details) could be harvested for scams or identity theft
• Attackers may follow up to request banking details or payments

Even if the link appears broken, the file itself may still pose a risk.

What You Should Do

• Do not open the attachment or click any links
• Report it using the Phish Alert Button (PAB)
• Remember:
  • IT will never ask for your password or Duo codes
  • Legitimate campus jobs will not require you to use a personal email to apply
  • All Montclair jobs can be found on Handshake

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

Why This Email Might Look Legitimate

Phishing emails are designed to look convincing. In this case, the attackers used several tactics to make the message appear trustworthy.

• A recognizable company name
  The email references Pall Corporation (Danaher) to make the opportunity appear credible. Attackers often use well-known companies to make messages seem more authentic.
• An appealing student job description
  The promise of a flexible remote position with paid training targets students who may be looking for part-time work that fits around classes.
• A university logo in the signature
  The email includes the Montclair logo��in the signature to make the message appear like it came from an official campus office.
• Changing senders and subjects
  Campaigns like this often rotate sender names and subject lines to avoid spam filters and reach more people.

How We Know ����’s a Phish

Despite its professional appearance, there are several clear signs that the message is fraudulent.

• The sender is external
  The email does not originate from a Montclair account.
• The office does not exist
  The message claims to come from the “Office of Student Career �����ǰ��ٳܲԾ��پ����,” which is not a department at our university.
• It bypasses official job platforms
  All legitimate student job opportunities are distributed through Handshake, the official platform used by Career Services.
• The application link leads to a Google Form
  Instead of directing users to a company hiring portal, the link sends applicants to a Google Form, which is not how legitimate employers typically collect job applications.

What Happens If You Click the Link

The link directs users to a Google Form posing as a job application. The form describes a “Personal �����������ٲ��Գ�” position that claims applicants will perform tasks such as running errands, handling administrative duties, making travel arrangements, sending gifts to clients, and even managing financial transactions.

The description promises flexible work that “does not affect your current work or ���ٳܻ徱���” and states that applicants only need a mobile phone, internet access, and a bank account to cash weekly checks.

These details are common in job scam campaigns and raise several concerns.

Red Flags in the Job Description

• Handling financial transactions
  The role claims applicants may be responsible for financial transactions or purchasing items. This is a common tactic used in scams where victims are later asked to deposit fraudulent checks or send money.
• Emphasis on personal banking
  The description specifically mentions needing a bank account to cash weekly checks, which is unusual for a legitimate job listing and can signal a potential fake check scam.
• Vague job responsibilities
  The tasks listed are broad and inconsistent, ranging from administrative work to errands and financial handling. Legitimate job postings typically provide clear, structured responsibilities and reporting lines.
• Informal or unprofessional wording
  The posting contains unusual phrasing and formatting, which is often a sign that it did not originate from a legitimate hiring process.

Information the Form Requests

The application form also asks for extensive personal information, including:

• Home address

• Phone number

• Personal and school email addresses

• Date of birth and age

• Whether the applicant has a checking account and the name of their bank

Requesting this level of personal and financial information during an initial application through a basic online form is a major red flag.

If submitted, this information could be used for:

• Identity theft

• Future phishing attempts

• Financial scams targeting the applicant

The form also contains spelling errors, such as “���������徱���ٱ����,” which is another common indicator of phishing campaigns.

How to Stay Safe

When reviewing job opportunities sent through email, keep these tips in mind:

• Verify the sender. Be cautious of job offers sent from external email accounts.

• Check the department name. If ��dz�’v�� never heard of the office, it may not exist.

• Avoid forms asking for financial information. Legitimate employers do not request banking details during an initial application.

• Use Handshake. All legitimate student job opportunities at our university are posted through Career Services on Handshake.

• Report it. If you are unsure of an emails legitimacy, use the PAB to report it.

If You Receive a Message Like This

If you receive a suspicious job offer:

• Do not click the link

• Do not submit personal information

• Report the message using the Phish Alert Button (PAB)

Reporting phishing emails helps the Information Security team identify scams more quickly and protect the campus community.

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

How It Looks Legitimate

Attackers often copy familiar language and formatting to make their messages look official. In this case, the email:

• Impersonates the IT department by using “IT Service Desk” as the sender name and in the signature.

• References email security changes, which can sound like a normal IT update.

• Targets all university employees, creating the impression of a campus-wide requirement.

• Includes a call-to-action link labeled “Begin,” prompting users to take immediate action.

How We Know ����’s a Phish

There are several red flags that reveal this message is not legitimate:

• The email comes from an external address, not an official Montclair account.

• The sender name was changed to appear as the IT department, even though the underlying email address is not from the university.

• The message directs users to a login page through an embedded link, which is a common tactic used to capture credentials.

• The wording is vague and urgent, lacking the details typically included in official IT communications.

Legitimate IT updates will never ask you to verify your password through an unexpected external link.

What Happens If You Click the Link

If users interact with the link in the email, they are taken to a fake login page designed to look like the university’s sign-in page.

If credentials are entered on this page, attackers can capture them and potentially:

• Access the user’s Montclair email account

• Send phishing messages from the compromised account

• Access sensitive communications or files

• Attempt to gain access to other university systems

Compromised accounts are often used to continue phishing others across campus.

What To Do

If you receive this email:

• Do not click the link or reply to the message.

• Report the email using the Phish Alert Button.

If you already clicked the link or entered your credentials:

• Change your immediately.

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

Why This Looks Legitimate

• It references a “2026 Total Compensation Statement,” which sounds like a legitimate HR document.

• The message appears as a Google Doc share, a tool commonly used for collaboration.

• The document includes real Montclair employees’ names in the comments/notes, making it look like others are already reviewing it.

• It mentions salary, benefits, and retirement contributions, topics that are typically handled by Human Resources.

These details are meant to make the document feel routine and credible.

Signs ����’s a Phishing Attempt

Even though the message looks professional, there are several warning signs:

• Unexpected document share – Compensation statements are not typically distributed through shared Google Docs.

• External sender – The document originates from an account outside the university.

• Generic message – The document does not include your name, department, or employee ID.

• Suspicious link inside the document – The text “statement online” is a clickable link rather than directing users to an official HR system.

• Use of real names in comments – Attackers sometimes include real employee names to make the document appear legitimate.

What Happens If You Click the Link

The link in the document does not lead to a legitimate compensation statement.

Instead, it redirects users to a malicious form requesting university login credentials. These forms are designed to capture usernames and passwords and send them directly to attackers.

Once credentials are submitted, attackers may be able to:

• Access your university email and files (including Workday)

• Send phishing messages from your account

• Attempt to access other university systems tied to your login

What To Do If You Interacted With It

If you clicked the link or entered your credentials, take action immediately:

1. Change your university password right away.

2. Do not click the link in the document.

3. Report the email or document using the Phish Alert Button.

Additional Notes:

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.

Cybercriminals design phishing emails to appear trustworthy. This message uses several tactics to lower suspicion:

• Familiar Name in the Signature
  The email includes the name and title of a real member of our campus community, making it appear officially endorsed.

• Professional Tone and Formatting
  The message is written in formal language and references “faculty and staff appreciation,” which aligns with legitimate Montclair communications.

• High-Value, Recognizable Brands
  The giveaway items reference well-known products, including:

  • Airstream travel trailer

  • Stealth Bomber E-Bike

  Referencing recognizable brands makes the offer feel more credible.

• Old University Logo
  The message uses an outdated Montclair logo to appear official.

Signs This Email Is Phishing

Despite its professional appearance, several red flags indicate this is not legitimate:

• External Sender Address
  The email originates from an external email address, not an official Montclair account.

• Mismatched Contact Information
  Recipients are instructed to email a different external address that is not affiliated with the university.

• Request to Use a Personal Email Address
  The message specifically asks you to use a personal (non-university) email account to respond.

  • This is a major red flag. Scammers attempt to move conversations off official systems to avoid security monitoring.

• Too Good to Be True Giveaway
  Extremely high-value items are being offered with no official webpage, registration form, or verification process.

• Non-Existent Sponsor
  The email references a “retired community member” who does not exist.

• Urgency & Limited-Time Framing
  Phrases like “limited-time opportunity” are designed to pressure quick action.

• Unusual Subject Line & Excessive Punctuation
  Multiple exclamation points and emoji-heavy formatting are common in phishing campaigns.

What Are the Risks?

If you respond to this email, you could:

• Expose your full name and personal email address

• Open the door to follow-up phishing attempts

• Be targeted for financial scams

• Become a victim of identity theft

• Be added to scammer distribution lists for future attacks

Even a simple reply confirms your email is active, making you a higher-value target.

What Should You Do?

If you receive this message:

1. Do not reply.

2. Do not use your personal email address to respond.

3. Do not share any personal information.

4. Report the email using the Knowbe4 Phish Alert Button (PAB).

5. Delete the message after reporting it.

If you already responded, contact the IT Service Desk immediately.

Why This Email May Look Legitimate

Scammers often design job scams to appeal to students and job seekers. This message uses several tactics:

• University Branding
  The email references ����vlog and presents itself as an official campus opportunity.

• Formal Job Posting Format
  The layout mimics a legitimate job description, with position details, qualifications, and application instructions.

• Attractive Pay for Minimal Hours
  The offer promises $600 per week for just 5–7 hours of remote work — highly appealing and seemingly flexible.

• Quick Review Timeline
  Stating that applications will be reviewed within “2–24 hours” creates urgency and excitement.

Signs This Email Is Phishing

There are multiple red flags:

• External Sender Accounts
  The emails come from random external accounts, not official university email addresses, even though the display name may say “Student Center.”

• Non-Existent Department
  “Job Placement & Student Services” is not a recognized university department.

• Generic Gmail Contact Address
  Applicants are instructed to email a resume to a personal Gmail account (not an official university domain).

• Unrealistic Compensation
  $600 per week for 5–7 hours of administrative work is a classic job scam tactic.

• Minimal Qualifications Required
  Only a high school diploma and internet connection are listed — another common scam pattern.

• “Click Here” Application Link
  Vague links without a verified university website are a major warning sign.

What Are the Risks?

Responding to this message could lead to:

• Identity theft (sharing your resume and personal details)

• Financial scams (including fake check scams)

• Requests for banking information

• Being targeted for future employment scams

Job scams often escalate quickly after initial contact.

What Should You Do?

If you receive this email:

1. Do not click any links.

2. Do not send your resume or personal information.

3. Report the message using the Phish Alert Button (PAB).

4. Delete the email after reporting.

Remember

1. Legitimate university job postings are posted on Handshake.
2. If an offer sounds too good to be true — especially with high pay for minimal work — it probably is.
3. ����vlog will never ask for your password or Duo codes.

Scammers are sending emails advertising exclusive academic opportunities or leadership programs for students. These messages attempt to create excitement and urgency to trick recipients into clicking malicious links or submitting personal information.

Why This Email May Look Legitimate

• Promotes a student-focused academic or leadership opportunity

• Claims the offer is limited to a small number of students

• Includes what appears to be official Montclair address information

• Uses application-style language that feels career or academically beneficial

• Appears to come from a real Montclair email account (in this case, a compromised account)

Signs This Email Is Phishing

• Contains awkward wording, grammar issues, and inconsistent capitalization

• Uses urgency and exclusivity tactics like:

  • “Only given to TWENTY Students”

  • “This Message will Disappear”

  • “Be a lucky one”

• Encourages clicking embedded links instead of directing users to official university websites

• Displays university address details with unusual formatting (ex: spaces added between ZIP code numbers like 1 2 3 4 5 6 7 8)

• Links may redirect users to malicious sites designed to steal login credentials or personal information

Risks of Clicking the Link

Submitting information through these links may allow attackers to:

• Steal university login credentials

• Collect personal or academic information

• Send phishing emails from the compromised account to others on campus

• Conduct financial or identity-related scams

• Spread additional phishing or malware attacks

How To Protect Yourself

• Be cautious of unsolicited academic or job opportunity emails

• All Montclair job offers are available directly through��Handshake

• Avoid clicking links in unexpected emails

• Check sender addresses carefully — even messages from internal accounts can be compromised

• Report suspicious messages using the��Knowbe4 Phish Alert Button (PAB)

Additional Notes

• Remember:��Information Technology will never text you. We will also never request your password or Duo codes,��ever.
• Information Technology will��not��ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think ��dz�’v�� fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at��973-655-7971��option 1 or email��itservicedesk@montclair.edu.
• Use the��Knowbe4 Phish Alert Button (PAB)��to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to��phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our��Security Tips���貹����.