{"id":1478,"date":"2026-03-04T17:48:02","date_gmt":"2026-03-04T22:48:02","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1478"},"modified":"2026-03-05T11:40:08","modified_gmt":"2026-03-05T16:40:08","slug":"montclair-state-university-ongoing-student-report-follow-up","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/03\/04\/montclair-state-university-ongoing-student-report-follow-up\/","title":{"rendered":"ÌÇÐÄvlog Ongoing Student Report \u2013 Follow-Up"},"content":{"rendered":"<h2 data-start=\"632\" data-end=\"667\">Why This Email Looks Legitimate<\/h2>\n<ul data-start=\"819\" data-end=\"1125\">\n<li data-start=\"819\" data-end=\"884\">\n<p data-start=\"821\" data-end=\"884\">It references a <strong data-start=\"837\" data-end=\"881\">real Montclair leader by name and title<\/strong>.<\/p>\n<\/li>\n<li data-start=\"885\" data-end=\"962\">\n<p data-start=\"887\" data-end=\"962\">It mentions <strong data-start=\"899\" data-end=\"923\">students and courses<\/strong>, making it seem relevant to faculty.<\/p>\n<\/li>\n<li data-start=\"963\" data-end=\"1040\">\n<p data-start=\"965\" data-end=\"1040\">It appears to come from a Montclair email account, increasing trust.<\/p>\n<\/li>\n<li data-start=\"1041\" data-end=\"1125\">\n<p data-start=\"1043\" data-end=\"1125\">The request to review a <strong data-start=\"1067\" data-end=\"1083\">PDF document<\/strong> looks like a routine administrative task.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1127\" data-end=\"1237\">These elements are meant to make the email feel familiar so recipients are more likely to open the attachment.<\/p>\n<h2 data-start=\"1239\" data-end=\"1282\">What Happens If You Open the Attachment<\/h2>\n<p data-start=\"1283\" data-end=\"1335\">The attached PDF does <strong data-start=\"1305\" data-end=\"1334\">not contain a real report<\/strong>.<\/p>\n<p data-start=\"1337\" data-end=\"1495\">Instead, it displays a <strong data-start=\"1360\" data-end=\"1420\">fake document viewer designed to look like an Adobe page<\/strong>. The page prompts the user to click a button or link to view the document.<\/p>\n<p data-start=\"1497\" data-end=\"1628\">If the button is clicked, the user is redirected to a <strong data-start=\"1551\" data-end=\"1627\">malicious website designed to capture their university login credentials<\/strong>.<\/p>\n<h2 data-start=\"1630\" data-end=\"1661\">Signs It\u2019s a Phishing Email<\/h2>\n<p data-start=\"1662\" data-end=\"1731\">Although the email looks convincing, there are several warning signs:<\/p>\n<ul data-start=\"1733\" data-end=\"2071\">\n<li data-start=\"1733\" data-end=\"1828\">\n<p data-start=\"1735\" data-end=\"1828\"><strong data-start=\"1735\" data-end=\"1757\">Unexpected request<\/strong> \u2013 Faculty do not typically receive student reports directly from HR.<\/p>\n<\/li>\n<li data-start=\"1829\" data-end=\"1929\">\n<p data-start=\"1831\" data-end=\"1929\"><strong data-start=\"1831\" data-end=\"1852\">Vague information<\/strong> \u2013 No student name, course, case number, or department contact is provided.<\/p>\n<\/li>\n<li data-start=\"1930\" data-end=\"1987\">\n<p data-start=\"1932\" data-end=\"1987\"><strong data-start=\"1932\" data-end=\"1964\">Urgency to review a document<\/strong> without explanation.<\/p>\n<\/li>\n<li data-start=\"1988\" data-end=\"2071\">\n<p data-start=\"1990\" data-end=\"2071\"><strong data-start=\"1990\" data-end=\"2023\">Attachment as the main action<\/strong>, encouraging users to open the PDF immediately.<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"2073\" data-end=\"2112\">Risks of Interacting With the Email<\/h2>\n<p data-start=\"2113\" data-end=\"2194\">Engaging with phishing attachments can lead to serious security risks, including:<\/p>\n<ul data-start=\"2196\" data-end=\"2445\">\n<li data-start=\"2196\" data-end=\"2274\">\n<p data-start=\"2198\" data-end=\"2274\"><strong data-start=\"2198\" data-end=\"2218\">Credential theft<\/strong> if your login information is entered on the fake site<\/p>\n<\/li>\n<li data-start=\"2275\" data-end=\"2363\">\n<p data-start=\"2277\" data-end=\"2363\"><strong data-start=\"2277\" data-end=\"2299\">Account compromise<\/strong>, allowing attackers to send phishing emails from your account<\/p>\n<\/li>\n<li data-start=\"2364\" data-end=\"2445\">\n<p data-start=\"2366\" data-end=\"2445\"><strong data-start=\"2366\" data-end=\"2417\">Further attacks against colleagues and students<\/strong> using your trusted identity<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2447\" data-end=\"2613\">In this case, the attacker is already sending emails from a <strong data-start=\"2507\" data-end=\"2541\">compromised university account<\/strong>, which increases the likelihood that recipients will trust the message.<\/p>\n<h2 data-start=\"2615\" data-end=\"2655\">What To Do<\/h2>\n<p data-start=\"2656\" data-end=\"2769\">If you<strong data-start=\"2663\" data-end=\"2743\">\u00a0entered your login information<\/strong>, take action immediately:<\/p>\n<ol data-start=\"2771\" data-end=\"2987\">\n<li data-start=\"2771\" data-end=\"2823\">\n<p data-start=\"2774\" data-end=\"2823\">Change your Montclair password right away.<\/p>\n<\/li>\n<li data-start=\"2824\" data-end=\"2879\">If you receive Duo alerts you <strong>did not request<\/strong>, mark them as fraud.<\/li>\n<\/ol>\n<p>Always report the email using the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\"><strong>Phish Alert Button<\/strong><\/a> whether you&#8217;ve fallen for it or not.<\/p>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li><strong>Remember<\/strong><strong>:<\/strong>\u00a0Information Technology will never text you. We will also never request your password or Duo codes,\u00a0<strong>ever<\/strong>.<\/li>\n<li>Information Technology will\u00a0<strong data-start=\"1865\" data-end=\"1872\">not<\/strong>\u00a0ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.<\/li>\n<li>Do you think you\u2019ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at\u00a0<a href=\"tel:973-655-7971\" class=\"\"><span class=\"a11y-phone-number initialized\" aria-label=\"9 7 3 6 5 5 79 71 \">973-655-7971<\/span><\/a>\u00a0option 1 or email\u00a0<a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button (PAB)<\/a>\u00a0to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to\u00a0<a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the \u201chover over\u201d technique to check web links before clicking! For more security tips please visit our\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a>\u00a0page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Why This Email Looks Legitimate It references a real Montclair leader by name and title. It mentions students and courses, making it seem relevant to faculty. It appears to come from a Montclair email account, increasing trust. The request to review a PDF document looks like a routine administrative task. These elements are meant to [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1479,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1478","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spear-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1478"}],"version-history":[{"count":3,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1478\/revisions"}],"predecessor-version":[{"id":1482,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1478\/revisions\/1482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1479"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}