Spear Phishing – Phish Files

Montclair State University Ongoing Student Report – Follow-Up
/phish-files/2026/03/04/montclair-state-university-ongoing-student-report-follow-up/
Wed, 04 Mar 2026 22:48:02 +0000

Why This Email Looks Legitimate
  • It references a real Montclair leader by name and title.

  • It mentions students and courses, making it seem relevant to faculty.

  • It appears to come from a Montclair email account, increasing trust.

  • The request to review a PDF document looks like a routine administrative task.

These elements are meant to make the email feel familiar so recipients are more likely to open the attachment.

What Happens If You Open the Attachment

The attached PDF does not contain a real report.

Instead, it displays a fake document viewer designed to look like an Adobe page. The page prompts the user to click a button or link to view the document.

If the button is clicked, the user is redirected to a malicious website designed to capture their university login credentials.

Signs It’s a Phishing Email

Although the email looks convincing, there are several warning signs:

  • Unexpected request – Faculty do not typically receive student reports directly from HR.

  • Vague information – No student name, course, case number, or department contact is provided.

  • Urgency to review a document without explanation.

  • Attachment as the main action, encouraging users to open the PDF immediately.

Risks of Interacting With the Email

Engaging with phishing attachments can lead to serious security risks, including:

  • Credential theft if your login information is entered on the fake site

  • Account compromise, allowing attackers to send phishing emails from your account

  • Further attacks against colleagues and students using your trusted identity

In this case, the attacker is already sending emails from a compromised university account, which increases the likelihood that recipients will trust the message.

What To Do

If you entered your login information, take action immediately:

  1. Change your Montclair password right away.

  2. If you receive Duo alerts you did not request, mark them as fraud.

Always report the email using the Phish Alert Button whether you’ve fallen for it or not.

Additional Notes:

  • Remember: Information Technology will never text you. We will also never request your password or Duo codes, ever.
  • Information Technology will not ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
  • Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
  • Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
  • Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Gain Professional Experience – Work Remotely with Montclair State
/phish-files/2026/01/29/gain-professional-experience-work-remotely-with-montclair-state/
Thu, 29 Jan 2026 18:40:29 +0000

Google Form related to job offer phish

Why this looks valid:

  • Professional Branding: It uses the university name, address, and an official-sounding department (e.g., “Office of Career Services”).
  • Appealing Terms: It offers high weekly pay ($545) for “flexible, remote work” with no experience required—exactly what a busy student wants.

Why this is phishing:

  • External Senders: If the “From” address doesn’t end in Montclair’s official domain, @montclair.edu, it is a scam.

    • Attackers will also use multiple subject lines but the same email to get more hits.
  • The “Switch” Tactic: Attackers often email you from one address and then have a “different” person contact you via a personal email (Gmail/Yahoo) to “onboard” you. This is a tactic to bypass school security filters.

  • Inappropriate Questions: A legitimate job application will never ask for your bank’s mobile deposit limit or your gender and age on an initial form.

  • Form Use: Real university jobs are processed through official HR portals, not generic Google Forms or suspicious external links.

Information the Scammer is After

  • Personal Identity: Full Name, Age, Gender, and Address.

  • Financial Access: Your bank name and Mobile Deposit Limit. (This is a huge red flag—they ask this so they can send you a “fake check” and have you send them back “change” before the bank realizes the check is forged).

  • Direct Contact: Your cell phone number, used to move the scam to text/WhatsApp where it is harder for IT to track.

  • All Montclair job offers are available directly through Handshake.

Immediate Steps to Take

  • Do Not Click: Avoid clicking any links or copying/pasting the URL.
  • Report the Email: Use the Phish Alert Button (PAB).

If You Already Clicked or Entered Credentials

  • Contact Your Bank: If you provided your bank name or deposit limits, alert your bank’s fraud department immediately.

  • Secure Your Identity: Since you provided your address and phone number, be on high alert for increased spam, “verification” texts, or suspicious mail.

  • Change Passwords: If you provided your Montclair or personal email password, change them across all platforms immediately.

  • Cease Communication: If the scammers text or email you from a new address, do not respond. Block the numbers and addresses immediately.

  • Report the Email: Use the Phish Alert Button (PAB). Letting IT know about the situation can help us protect others from the same attack.

Montclair State University IT LAST ANNOUNCEMENT Portal Update Alert, JANUARY!
/phish-files/2026/01/28/last-announcement-portal-update-alert/
Wed, 28 Jan 2026 18:00:16 +0000

Screenshot of phishing form connected to phish.

Why this looks valid:

  • Logical Premise: IT frequently performs maintenance and security updates, making the request seem routine.

  • Specific Instructions: Mentioning “conflicting issues” with other universities adds a layer of technical detail that can sound professional.

  • Convenience: The email suggests you can perform the update from a mobile device or home computer, which aligns with modern remote-access policies.

Why this is phishing:

  • Artificial Urgency: The “48-hour” deadline is a high-pressure tactic designed to make you act before you think.

  • Threat of Account Loss: IT would not threaten to delete your account over a routine database update.

  • Generic Greeting: Using “Dear User” instead of your name is a sign of a bulk phishing campaign.

  • The “P.W.” Disclaimer: IT will never ask for your password via an external form or link. Asking you to provide your “password for verification” is a 100% guarantee of a scam.

  • Poor Grammar/Formatting: “Everyone is expected to update his/her details” and the awkward “NOTE::” section are unprofessional and typical of phishing templates.

  • External Sender: The email address is not from our domain.

Immediate Steps to Take

  • Do Not Click: Avoid clicking any links or copying/pasting the URL.
  • Report the Email: Use the Phish Alert Button (PAB).

If You Already Clicked or Entered Credentials

If you entered your Montclair email and password into the provided link, follow these steps immediately:

1. Change Your Password

Reset your password via the . If you use this password for other accounts (Gmail, Banking, etc.), change those as well.

2. Monitor Your Duo MFA Alerts

If you start receiving Duo requests you did not initiate, report them as Fraud and reset your password.

3. Monitor for Fraud

Keep a close eye on your financial accounts and any personal information tied to your school profile for the next few weeks.

Chief Human Resources
/phish-files/2025/12/17/chief-human-resources/
Wed, 17 Dec 2025 18:56:31 +0000

Why this looks valid:
  • Urgency & Importance: It uses professional language regarding “accurate recordkeeping” and “University guidelines.”
  • Personalization: It includes a fake “Reference ID” to make the document seem specific to you.
  • Internal Domain: The email may appear to come from a montclair.edu address, making it seem “safe” at first glance.

Why this is phishing:

  • Sender Mismatch: While the display name says “Chief Human Resources,” the actual sender address is a random user within the domain who is not affiliated with HR.

  • Spoofed Subject Line: The subject line contains a manually typed email address (humanresources@montclair.edu) to mask the true sender.

  • Identity Error: The person named in the signature, Bernadette Bascom, is not the Chief Human Resources Officer for our institution.

  • Suspicious Link: HR will typically direct you to log in directly through the official Workday portal rather than providing a direct link to a “Statement” in an unsolicited email.

Immediate Steps to Take

  1. Do Not Click: If you receive this email, do not click the “View Your Compensation Statement” link.

  2. Report It: Use the Phish Alert Button (PAB) to report this email directly to Information Security.

  3. Verify Sources: Always navigate to official portals (like ) via your bookmarks or the university homepage rather than clicking links in emails.

If You Already Clicked or Entered Credentials

If you clicked the link and entered your login information, please take the following actions immediately:

  • Duo Alerts: If you begin receiving suspicious or unexpected Duo push requests, deny them and reset your password immediately. This indicates an attacker is actively trying to use your stolen credentials.

  • Workday Monitoring: Check your account for any unauthorized changes, specifically regarding your banking information or direct deposit settings.

  • Contact Us: If you see any unusual activity or receive unexpected emails about changes to your account, use the Phish Alert Button (PAB) and contact HR immediately.

Staff Appreciation and Service Awards – Eligibility Confirmation
/phish-files/2025/11/24/staff-appreciation-and-service-awards/
Mon, 24 Nov 2025 19:28:20 +0000

Why this looks valid:
  • High Authority: It is signed by the actual president’s name and mentions the Staff Council, making it seem like a top-level, official university communication.

  • Familiar Topic: The subject is the Staff Appreciation and Service Awards, an event every staff member knows about, making the request seem normal.

  • Professional Tone: The language is formal and polite, perfectly mimicking genuine communications from the university administration.

Why this is phishing:

  • Suspicious Link: It directs you to an unknown “Eligibility Portal” instead of Workday.
  • Wrong Department: Confirming service eligibility is an HR/Payroll function, but this request is supposedly coming from the Staff Council/President.
  • Branding Check (a subtle but key check): Official communications strictly use Montclair or Montclair State University. If the body contained unusual variations (e.g., “Montclair University” or inconsistent capitalization), it would be a major red flag. (Note: While this email uses the correct branding, scammers often slip up, making this a necessary check.)

[Name] shared “Montclair State University” with you
/phish-files/2025/07/17/name-shared-montclair-state-university-with-you/
Thu, 17 Jul 2025 16:21:33 +0000

Why this looks valid:
  • Coming from SharePoint’s official no-reply email address.
  • The reply-to is part of the .edu domain.
  • Body of the email says it’s from President Koppell.

Why this is phishing:

  • Email address in the reply-to is a compromised account.
  • Image is broken within the body of the email.
  • The last line of the email says it’s not from Montclair State University.
  • Email address is not associated with President Koppell or anyone else at Montclair State University.

Montclair State University Payment Returned.
/phish-files/2025/03/24/msu-payment-returned/
Mon, 24 Mar 2025 14:25:33 +0000

Screenshot of the malicious page utilized in overdue fee phish attack.

Why this looks valid:

  • Email is coming from an internal email address
  • Montclair State University logo is used
  • Email name is Montclair State University
  • Link within email is showing as MSU website

Why this is phishing:

  • Email address is a personal MSU account
  • Sense of Urgency: Stating you’ll lose access to your account
  • Link is actually malicious and not associated with MSU. Using the hover over technique it points somewhere else.
  • Spelling: Attacker uses “C*V*V #” on the malicious website instead of CSV
  • Personally Identifiable Information (PII): Attacker is requesting SSN

$3.45 FAILED – OVERDUE FEE ALERT
/phish-files/2025/03/18/overdue-fee-alert/
Tue, 18 Mar 2025 16:02:36 +0000

Screenshot of the malicious page utilized in overdue fee phish attack.

Why this looks valid:

  • Email is coming from an internal email address
  • Student Communications and MSU logo utilized
  • Email says Red Hawk

Why this is phishing:

  • Email address is a personal account not associated with Red Hawk Central or Student Communications
  • Email says Red Hawk Center and not Red Hawk Central
  • Link is malicious and points to webpages asking for personal information
  • Greeting is generic, “Dear Montclair.edu”

Your refund has been paid
/phish-files/2025/03/10/411/
Mon, 10 Mar 2025 19:30:08 +0000

Screenshot of the landing page for the phishing email regarding refunds.

Why this looks valid:

  • Email has the banner and wording of an email coming from MSU
  • Link in email states it’s going to TouchNet

Why this is phishing:

  • The email addresses utilized are either from an external email address or from an MSU user that would not send this information
  • Link goes to BankMobile not TouchNet

Your Montclair ID Halted
/phish-files/2025/03/08/your-montclair-id-halted/
Sun, 09 Mar 2025 04:07:29 +0000

Screenshot of a fake website posing as an MSU login page.

Why this looks valid:

  • Attacker makes the alias of the email say Montclair
  • Attacker uses a legitimate telephone number at MSU

Why this is phishing:

  • Email address is from an external account not associated with MSU
  • Email Subject changes:
    • We’ve halt your Montclair ID
    • Your Montclair ID Halted
    • Your MontcIair ID halted (here “Montclair” is spelt with an uppercase “I”)
    • We’ll close your Montclair ID
  • Link is fake and reroutes to a different website
  • Spelling errors
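
Several of the header and link checks described in these posts (external sender, an address typed into the subject line, the uppercase-I "MontcIair" subject, and link text that names one site while pointing at another) can be automated for mail triage. The following is an added example, not code from Montclair's Information Security team; the function name `triage`, the finding labels and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "montclair.edu"  # official domain named in the posts
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
HOST_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return the warning signs found in one raw message (heuristics only)."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@" + ORG_DOMAIN):
        findings.append("external-sender")
    subject = msg.get("Subject", "")
    # An address typed into the subject that is not the actual sender.
    if any(a.lower() != sender for a in ADDR_RE.findall(subject)):
        findings.append("address-in-subject")
    # Capital I standing in for lowercase l, as in "MontcIair".
    if re.search(r"[a-z]I[a-z]", subject):
        findings.append("lookalike-letter")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = HOST_RE.fullmatch(text)  # only text that looks like a URL
        real = (urlparse(href).hostname or "").lower()
        if shown and real and shown.group(1).lower() != real:
            findings.append("link-text-mismatch")
    return findings

# Constructed sample (not a real message): internal sender, HR address in subject.
SAMPLE = (
    'From: "Chief Human Resources" <someuser@montclair.edu>\n'
    "Subject: Statement from humanresources@montclair.edu\n\n"
    '<a href="https://portal.example.net/login">www.montclair.edu/pay</a>\n'
)
```

A message sent from a compromised internal account passes the sender check, which is why the subject and link checks are evaluated independently of it.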
