Smishing – Phish Files

President Koppell Gift Card Smishing Scam
/phish-files/2026/03/27/president-koppell-gift-card-smishing-scam/
Fri, 27 Mar 2026 14:34:52 +0000

A recent smishing (SMS phishing) attempt targeted a member of our university community by impersonating President Koppell and requesting assistance with purchasing gift cards.

What Happened

The recipient—a faculty member—received a text message that read:

“Are you by any chance available for a quick task? I’m planning a small surprise for some of our outstanding staff members…”

While the message may seem harmless at first, it is the opening step in a common scam. In this case, the recipient quickly recognized something was off—specifically noting how unusual it would be for President Koppell to have their personal phone number—and did not engage.

How It Looks Legitimate

Attackers design these messages to feel natural and trustworthy:

  • Friendly, low-pressure opener: The message starts casually, avoiding immediate suspicion.
  • Positive context: Framing the request as a “surprise” for staff makes it feel thoughtful and legitimate.
  • Authority impersonation: Claiming to be President Koppell adds credibility and discourages questioning.
  • Gradual escalation: The initial message is vague on purpose—once the user responds, the attacker typically pivots to requesting gift cards.

How to Spot It’s a Phish

Despite its friendly tone, there are clear warning signs:

  • Unexpected outreach: It is highly unlikely that university leadership would contact a faculty member directly via text for a task like this.
  • Unrecognized phone number: Messages come from external or unknown numbers, not official Montclair channels.
  • Vague request: The message avoids specifics upfront—a common tactic to draw the recipient into a conversation.
  • Gift card angle (follow-up): These scams almost always lead to a request to purchase gift cards and share the codes.
  • Bypassing normal processes: No official procurement, approvals, or communication channels are used.

What To Do If You Fall for It

If you have already engaged with this message:

  • Stop communication immediately
  • Do not purchase or share gift card codes: If you haven’t yet, stop. If you have, do not send the codes.
  • Report it right away: You can forward smishing text message screenshots directly to phishfiles@montclair.edu.
  • Contact the retailer if gift cards were purchased—quick action may help protect unused funds
  • Block the sender
  • Save screenshots and receipts for investigation
  • If you have experienced financial loss or feel threatened, you may also contact University Police

Remember

Even when a message sounds friendly or well-intentioned, always pause and think:

  • Would this person normally contact me this way?
  • Does this request follow normal Montclair processes?

In this case, trusting that instinct—questioning why the President would have direct access to a personal phone number—helped prevent a potential scam.

Additional Notes:

  • Information Technology will never text you. We will also never request your password or Duo codes, ever.
  • Information Technology will not ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
  • Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
  • Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
  • Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Watch Out: “University Act Now!!!” Email and Follow-Up Text Scam
/phish-files/2026/03/05/watch-out-university-act-now-email-and-follow-up-text-scam/
Thu, 05 Mar 2026 17:29:45 +0000

phishing email posing as IT to gain account access.

How It Looks Legit

  • Appears to come from the IT Service Desk: The email is sent from a compromised Montclair account, making it look like it’s coming from someone on campus.

  • Urgent account warning: It claims your email will stop receiving messages or be permanently deleted if you don’t verify your account within hours.

  • Simple “verification” form: The message links to a Google Form that looks like a quick step to fix the issue.

  • Follow-up help by text: In some cases, attackers will text the user pretending to be IT to help “resolve” the account problem.

How It’s a Phish

  • Urgency is used to pressure you: The message pushes you to act quickly before your account is supposedly deleted.

  • It asks for your password: The Google Form requests your email and password, sometimes labeling the password field as “A” to disguise it.

  • Text message impersonation: Attackers may text you claiming to be IT and ask for your password and Duo verification code.

  • IT does not operate this way: The IT Service Desk will never ask for your password or Duo code, and does not verify accounts through Google Forms or text messages.

What Happens If You Fall for It

  • Your credentials are stolen: Submitting the form gives attackers your email and password.

  • Duo can be bypassed: If you share your Duo code in the follow-up text, attackers can complete the login and access your account.

  • Your account may be used in more attacks: Compromised accounts are often used to send additional phishing emails to others on campus.

What To Do

  • Do not click the link or complete the form.

  • Do not respond to text messages claiming to be IT.

  • Do not forward or respond to the email. Sharing is not caring.
  • Block the phone number.
  • Report the email using the Phish Alert Button or sending screenshots to phishfiles@montclair.edu.

  • If you already entered your information, change your password immediately and contact the IT Service Desk.

Additional Notes:

  • Remember: Information Technology will never text you. We will also never request your password or Duo codes, ever.
  • Information Technology will not ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
  • Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
  • Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
  • Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Amazon Item Recall
/phish-files/2025/12/02/amazon-item-recall/
Tue, 02 Dec 2025 15:06:52 +0000

Why this looks valid:

  • Safety Scare: They use scary words like “recall” and “safety standards” to make you feel like you must act fast to protect yourself.

  • Professional Tone: The text is polite, apologizes, and thanks you for your business. It sounds like a big company wrote it.

  • Promise of Money: They offer a “full refund,” which is a powerful incentive to click the link immediately before checking if it’s real.

Why this is phishing?

A legitimate recall notice from Amazon would not look like this text message. Before you ever click a link in a text, look for these simple clues:

  • Missing Details: The text mentions a vague “item purchased in November 2025” (or a different non-specific date) with no name or order number.
    • What Amazon Would Do: A real notice would name the exact product (e.g., “The XYZ Coffee Maker”) and likely include your specific Order ID.
  • The Pressure Link: It demands you click a link in the text to get a refund or more information.
    • What Amazon Would Do: Amazon NEVER asks you to click a link in a text message to log in or submit financial details. They want you to log into the official app or website yourself.
  • High Pressure: It says you must “stop using this product immediately” to create panic and rush you into clicking the link.
    • What Amazon Would Do: While safety is urgent, they provide clear, official channels you can check yourself, not just a random text link.

Additional Notes:

  • Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
  • Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
  • Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Your Account Deactivation
/phish-files/2025/09/10/your-account-deactivation/
Thu, 11 Sep 2025 03:16:06 +0000

Why this looks valid:

  • Email is coming from a vlog email address.
  • Email says it’s from Job Placement & Student Services.
  • Has the vlog address.

Why this is phishing?

  • NEVER fill out a Google Form with your passwords or Duo codes.
  • Don’t share your passwords, Duo codes or personal information with anyone. IT will never ask you for your login credentials.
  • Link is a Google Form, not a place to log in. If you’re ever unsure of a link, go directly to the source website and log in there.
  • Pay is too good to be true.
  • All job openings for vlog are available via Handshake.

Why this looks valid:

  • Text says it’s coming from vlog.

Why this is phishing?

  • Text was sent in response to a previous phishing attack. [Please see vlog Notice – September 10, 2025: Action Required Now!!!]
  • Don’t share your passwords, duo codes or personal information with anyone. IT will never ask you for your login credentials.
  • Attacker attempts to rush the user to act fast or their account will be shut down.

Additional Notes:

  • Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
  • Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
  • Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Apple Approval Notice
/phish-files/2025/06/12/apple-approval-notice/
Thu, 12 Jun 2025 15:43:30 +0000

Why this looks valid:

  • Apple uses this format for text messages
  • Has a real billing department link for Apple

Why this is phishing?

  • Apple does not typically send text messages to alert users of account issues or suspicious activity.
  • Attacker is attempting to get users to call them to gather credit card information.
  • The sender is usually an email address or a random telephone number not associated with Apple.
    • General Apple Support: 1‑800‑MY‑APPLE (1‑800‑692‑7753)
    • Apple Care Support: 1‑800‑275‑2273
    • Apple users are encouraged to forward suspicious texts or emails to Apple at reportphishing@apple.com.

Additional Notes:


TikTok Data Recruitment Center
/phish-files/2025/05/12/tiktok-data-recruitment-center/
Mon, 12 May 2025 16:14:59 +0000

Why this is phishing?

  • TikTok does not recruit via SMS, emails from free domains, or external apps
  • Sender is either a random telephone number or email address
  • Directs user to WhatsApp or an external app, where they’re asked to pay a fee to unlock tasks or higher earnings
  • These types of scams often feature “task apps”. You’ll do a few tasks and hit a paywall. Once money is deposited you cannot withdraw it — a classic advance-fee scam

How to Report

  • Open TikTok and navigate to your Profile.

    • Tap the ☰ Menu (top right) → Settings and privacy.

    • Go to Safety → Report a problem or Account and safety → Avoid phishing → Report suspicious message

    • Describe the issue: e.g. “I received a smishing text claiming to be from TikTok recruitment”—and include details or screenshots.

    • Use the “Chat with us” option if you don’t find a fitting category

  • Report SMS to Your Carrier: Forward the suspect text to 7726 (SPAM) to alert your carrier and stop further messages

Additional Notes:


E-ZPass Final Reminder
/phish-files/2025/04/28/e-zpass-final-reminder/
Mon, 28 Apr 2025 15:44:55 +0000

Why this is phishing?

  • E-ZPass will never text you for payment
  • Sender is either a random phone number (10 digit) or email address

What You Might Get From E‑ZPass (Legit)

  • Account balance/replenishment reminders via SMS (if you opted in).

  • Legitimate messages from short codes, like 65397 (NJ), which corresponds to the identifier “Nܱ”.

  • Emails or official mailed notices—not SMS demanding payment.

If You Receive a Suspicious E‑ZPass‑Style Text:

  1. Don’t reply or click any links.

  2. Check for short‑code (e.g., 65397). If it isn’t one, be cautious.

  3. Report it as spam/Junk via your phone or forward to 7726.

  4. Verify your account balance by logging into the official website or app, not via text link.

Additional Notes:


Email Account Shutdown (Office 365)
/phish-files/2024/07/31/email-account-shutdown-office-365/
Wed, 31 Jul 2024 17:26:28 +0000

Why this looks valid:

  • Text message says it’s from the IT Service Desk
  • A previous Office 365 email had gone out regarding account deactivation
  • Text message points to an authentication code via Google

Why this is phishing?

  • MSU will not text the campus community unless it is associated with emergency messages via Rave Mobile.
  • The IT Service Desk will never request any Two-Factor Authentication (2FA) codes.
  • Attacker is creating a sense of urgency by stating the individual will lose their email account.

Additional Notes:
