{"id":1483,"date":"2026-03-04T16:02:17","date_gmt":"2026-03-04T21:02:17","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1483"},"modified":"2026-03-05T11:56:19","modified_gmt":"2026-03-05T16:56:19","slug":"item-shared-with-you-total-rewards-compensation-montclair-state-university-pdf","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/03\/04\/item-shared-with-you-total-rewards-compensation-montclair-state-university-pdf\/","title":{"rendered":"Item shared with you: &#8220;Total Rewards Compensation &#8211; ÌÇÐÄvlog.pdf&#8221;"},"content":{"rendered":"<h2 data-start=\"567\" data-end=\"595\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2026\/03\/google-doc-phish-3.4.26.png\" alt=\"\" width=\"797\" height=\"823\" \/> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2026\/03\/google-form-phish-3.4.26.png\" alt=\"\" width=\"604\" height=\"712\" \/><\/h2>\n<h2 data-start=\"567\" data-end=\"595\">Why This Looks Legitimate<\/h2>\n<ul data-start=\"741\" data-end=\"1189\">\n<li data-start=\"741\" data-end=\"843\">\n<p data-start=\"743\" data-end=\"843\">It references a <strong data-start=\"759\" data-end=\"799\">\u201c2026 Total Compensation Statement,\u201d<\/strong> which sounds like a legitimate HR document.<\/p>\n<\/li>\n<li data-start=\"844\" data-end=\"932\">\n<p data-start=\"846\" data-end=\"932\">The message appears as a <strong data-start=\"871\" data-end=\"891\">Google Doc share<\/strong>, a tool commonly used for collaboration.<\/p>\n<\/li>\n<li data-start=\"933\" data-end=\"1069\">\n<p data-start=\"935\" data-end=\"1069\">The document includes <strong data-start=\"957\" data-end=\"1015\">real Montclair employees\u2019 names in the comments\/notes<\/strong>, making it look like others are already reviewing it.<\/p>\n<\/li>\n<li data-start=\"1070\" data-end=\"1189\">\n<p data-start=\"1072\" data-end=\"1189\">It mentions <strong data-start=\"1084\" data-end=\"1134\">salary, benefits, and retirement contributions<\/strong>, topics that are typically handled by Human Resources.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1191\" data-end=\"1262\">These details are meant to make the document feel routine and credible.<\/p>\n<h2 data-start=\"1269\" data-end=\"1301\">Signs It\u2019s a Phishing Attempt<\/h2>\n<p data-start=\"1303\" data-end=\"1379\">Even though the message looks professional, there are several warning signs:<\/p>\n<ul data-start=\"1381\" data-end=\"1953\">\n<li data-start=\"1381\" data-end=\"1496\">\n<p data-start=\"1383\" data-end=\"1496\"><strong data-start=\"1383\" data-end=\"1412\">Unexpected document share<\/strong> \u2013 Compensation statements are not typically distributed through shared Google Docs.<\/p>\n<\/li>\n<li data-start=\"1497\" data-end=\"1584\">\n<p data-start=\"1499\" data-end=\"1584\"><strong data-start=\"1499\" data-end=\"1518\">External sender<\/strong> \u2013 The document originates from an account <strong>outside the university<\/strong>.<\/p>\n<\/li>\n<li data-start=\"1585\" data-end=\"1677\">\n<p data-start=\"1587\" data-end=\"1677\"><strong data-start=\"1587\" data-end=\"1606\">Generic message<\/strong> \u2013 The document does not include your name, department, or employee ID.<\/p>\n<\/li>\n<li data-start=\"1678\" data-end=\"1827\">\n<p data-start=\"1680\" data-end=\"1827\"><strong data-start=\"1680\" data-end=\"1719\">Suspicious link inside the document<\/strong> \u2013 The text <strong data-start=\"1731\" data-end=\"1753\">\u201cstatement online\u201d<\/strong> is a clickable link rather than directing users to an official HR system.<\/p>\n<\/li>\n<li data-start=\"1828\" data-end=\"1953\">\n<p data-start=\"1830\" data-end=\"1953\"><strong data-start=\"1830\" data-end=\"1863\">Use of real names in comments<\/strong> \u2013 Attackers sometimes include real employee names to make the document appear legitimate.<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"1960\" data-end=\"1997\">What Happens If You Click the Link<\/h2>\n<p data-start=\"1999\" data-end=\"2081\">The link in the document does <strong data-start=\"2029\" data-end=\"2080\">not lead to a legitimate compensation statement<\/strong>.<\/p>\n<p data-start=\"2083\" data-end=\"2272\">Instead, it redirects users to a <strong data-start=\"2116\" data-end=\"2174\">malicious form requesting university login credentials<\/strong>. These forms are designed to capture usernames and passwords and send them directly to attackers.<\/p>\n<p data-start=\"2274\" data-end=\"2331\">Once credentials are submitted, attackers may be able to:<\/p>\n<ul data-start=\"2333\" data-end=\"2492\">\n<li data-start=\"2333\" data-end=\"2377\">\n<p data-start=\"2335\" data-end=\"2377\">Access your <strong data-start=\"2347\" data-end=\"2377\">university email and files (including Workday)<\/strong><\/p>\n<\/li>\n<li data-start=\"2378\" data-end=\"2424\">\n<p data-start=\"2380\" data-end=\"2424\">Send <strong data-start=\"2385\" data-end=\"2424\">phishing messages from your account<\/strong><\/p>\n<\/li>\n<li data-start=\"2425\" data-end=\"2492\">\n<p data-start=\"2427\" data-end=\"2492\">Attempt to access <strong data-start=\"2445\" data-end=\"2492\">other university systems tied to your login<\/strong><\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"2499\" data-end=\"2538\">What To Do If You Interacted With It<\/h2>\n<p data-start=\"2540\" data-end=\"2621\">If you <strong data-start=\"2547\" data-end=\"2595\">clicked the link or entered your credentials<\/strong>, take action immediately:<\/p>\n<ol data-start=\"2623\" data-end=\"2848\">\n<li data-start=\"2623\" data-end=\"2673\">\n<p data-start=\"2626\" data-end=\"2673\">Change your university password right away.<\/p>\n<\/li>\n<li><strong data-start=\"2918\" data-end=\"2960\">Do not click <\/strong>the link in the document.<\/li>\n<li data-start=\"2674\" data-end=\"2739\">\n<p data-start=\"2677\" data-end=\"2739\">Report the email or document using the <strong data-start=\"2677\" data-end=\"2739\"><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Button<\/a>.<\/strong><\/p>\n<\/li>\n<\/ol>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li><strong>Remember<\/strong><strong>:<\/strong>\u00a0Information Technology will never text you. We will also never request your password or Duo codes,\u00a0<strong>ever<\/strong>.<\/li>\n<li>Information Technology will\u00a0<strong data-start=\"1865\" data-end=\"1872\">not<\/strong>\u00a0ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.<\/li>\n<li>Do you think you\u2019ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at\u00a0<a href=\"tel:973-655-7971\" class=\"\"><span class=\"a11y-phone-number initialized\" aria-label=\"9 7 3  6 5 5  79 71 \">973-655-7971<\/span><\/a>\u00a0option 1 or email\u00a0<a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button (PAB)<\/a>\u00a0to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to\u00a0<a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the \u201chover over\u201d technique to check web links before clicking! For more security tips please visit our\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a>\u00a0page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Why This Looks Legitimate It references a \u201c2026 Total Compensation Statement,\u201d which sounds like a legitimate HR document. The message appears as a Google Doc share, a tool commonly used for collaboration. The document includes real Montclair employees\u2019 names in the comments\/notes, making it look like others are already reviewing it. It mentions salary, benefits, [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1484,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1483","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1483"}],"version-history":[{"count":1,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1483\/revisions"}],"predecessor-version":[{"id":1487,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1483\/revisions\/1487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1484"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}