{"id":1251,"date":"2025-12-17T13:56:31","date_gmt":"2025-12-17T18:56:31","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1251"},"modified":"2026-02-16T13:39:29","modified_gmt":"2026-02-16T18:39:29","slug":"chief-human-resources","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2025\/12\/17\/chief-human-resources\/","title":{"rendered":"Chief Human Resources"},"content":{"rendered":"<h2><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2025\/12\/image-52-238x300.png\" alt=\"\" width=\"399\" height=\"503\" \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2025\/12\/Screenshot-2025-12-17-at-2.43.53\u202fPM-300x249.png\" alt=\"\" width=\"448\" height=\"372\" \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2025\/12\/Screenshot-2025-12-17-at-2.43.38\u202fPM-300x222.png\" alt=\"\" width=\"499\" height=\"369\" \/><br \/>\nWhy this looks valid:<\/h2>\n<ul>\n<li data-path-to-node=\"6,0,0\"><strong>Urgency &amp; Importance:<\/strong> It uses professional language regarding &#8220;accurate recordkeeping&#8221; and &#8220;University guidelines.&#8221;<\/li>\n<li data-path-to-node=\"6,1,0\"><strong>Personalization:<\/strong> It includes a fake &#8220;Reference ID&#8221; to make the document seem specific to you.<\/li>\n<li data-path-to-node=\"6,2,0\"><strong>Internal Domain:<\/strong> The email may appear to come from a <code>montclair.edu<\/code> address, making it seem &#8220;safe&#8221; at first glance.<\/li>\n<\/ul>\n<h2>Why this is phishing?<\/h2>\n<ul>\n<li>\n<p data-path-to-node=\"8,0,0\"><strong>Sender Mismatch: <\/strong>While the display name says &#8220;Chief Human Resources,&#8221; the actual sender address is a random user within the domain who is not affiliated with HR.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"8,1,0\"><strong>Spoofed Subject Line: <\/strong>The subject line contains a manually typed email address (<code>humanresources@montclair.edu<\/code>) to mask the true sender.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"8,2,0\"><strong>Identity Error: <\/strong>The person named in the signature, <strong>Bernadette Bascom<\/strong>, is not the Chief Human Resources Officer for our institution.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"8,3,0\"><strong>Suspicious Link: <\/strong>HR will typically direct you to log in directly through the official Workday portal rather than providing a direct link to a &#8220;Statement&#8221; in an unsolicited email.<\/p>\n<\/li>\n<\/ul>\n<h2 data-path-to-node=\"10\">Immediate Steps to Take<\/h2>\n<ol start=\"1\" data-path-to-node=\"11\">\n<li>\n<p data-path-to-node=\"11,0,0\"><strong>Do Not Click: <\/strong>If you receive this email, do not click the &#8220;View Your Compensation Statement&#8221; link.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"11,1,0\"><strong>Report It:\u00a0<\/strong>Use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Hook (PAB)<\/a> to report this email directly to <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/\">Information Security<\/a>.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"11,2,0\"><strong>Verify Sources:<\/strong> Always navigate to official portals (like <a href=\"https:\/\/www.myworkday.com\/montclair\/\">Workday<\/a>) via your bookmarks or the university homepage rather than clicking links in emails.<\/p>\n<\/li>\n<\/ol>\n<h2 data-path-to-node=\"12\">If You Already Clicked or Entered Credentials<\/h2>\n<p data-path-to-node=\"13\">If you clicked the link and entered your login information, please take the following actions <strong>immediately<\/strong>:<\/p>\n<ul data-path-to-node=\"14\">\n<li>\n<p data-path-to-node=\"14,0,0\"><strong>Duo Alerts:<\/strong> If you begin receiving suspicious or unexpected Duo push requests, <strong>deny them<\/strong> and <strong>reset your password immediately<\/strong>. This indicates an attacker is actively trying to use your stolen credentials.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"14,1,0\"><strong>Workday Monitoring:<\/strong> Check your <a href=\"https:\/\/www.myworkday.com\/montclair\/\">Workday<\/a> account for any unauthorized changes, specifically regarding your <strong>banking information<\/strong> or direct deposit settings.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"14,2,0\"><strong>Contact Us:<\/strong> If you see any unusual activity or receive weird emails regarding your account changes, use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Hook (PAB)<\/a> and contact <a href=\"https:\/\/www.montclair.edu\/human-resources\/contact-us\/\"><strong>HR<\/strong><\/a> immediately.<\/p>\n<\/li>\n<\/ul>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li>Do you think you&#8217;ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at <a href=\"tel:973-655-7971\">973-655-7971<\/a>\u00a0option 1 or email <a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button (PAB)<\/a> to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to <a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the &#8220;hover over&#8221; technique to check web links before clicking! For more security tips please visit our <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a> page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Why this looks valid: Urgency &amp; Importance: It uses professional language regarding &#8220;accurate recordkeeping&#8221; and &#8220;University guidelines.&#8221; Personalization: It includes a fake &#8220;Reference ID&#8221; to make the document seem specific to you. Internal Domain: The email may appear to come from a montclair.edu address, making it seem &#8220;safe&#8221; at first glance. Why this is phishing? [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1252,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spear-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1251"}],"version-history":[{"count":5,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1251\/revisions"}],"predecessor-version":[{"id":1405,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1251\/revisions\/1405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1252"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}