{"id":1499,"date":"2026-03-09T10:39:34","date_gmt":"2026-03-09T14:39:34","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1499"},"modified":"2026-03-09T10:42:57","modified_gmt":"2026-03-09T14:42:57","slug":"important-all-montclair","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/03\/09\/important-all-montclair\/","title":{"rendered":"[Important] All Montclair"},"content":{"rendered":"<h2 data-section-id=\"wd2lg8\" data-start=\"453\" data-end=\"480\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2026\/03\/fake-login-page.png\" alt=\"Fake login page for Montclair.\" width=\"989\" height=\"690\" \/><\/h2>\n<h2 data-section-id=\"wd2lg8\" data-start=\"453\" data-end=\"480\">How It Looks Legitimate<\/h2>\n<p data-start=\"481\" data-end=\"597\">Attackers often copy familiar language and formatting to make their messages look official. In this case, the email:<\/p>\n<ul data-start=\"599\" data-end=\"973\">\n<li data-section-id=\"rgl8je\" data-start=\"599\" data-end=\"697\">\n<p data-start=\"601\" data-end=\"697\"><strong data-start=\"601\" data-end=\"635\">Impersonates the IT department<\/strong> by using \u201cIT Service Desk\u201d as the sender name and in the signature.<\/p>\n<\/li>\n<li data-section-id=\"g4mtga\" data-start=\"698\" data-end=\"781\">\n<p data-start=\"700\" data-end=\"781\"><strong data-start=\"700\" data-end=\"737\">References email security changes<\/strong>, which can sound like a normal IT update.<\/p>\n<\/li>\n<li data-section-id=\"9qol3n\" data-start=\"782\" data-end=\"877\">\n<p data-start=\"784\" data-end=\"877\"><strong data-start=\"784\" data-end=\"820\">Targets all university employees<\/strong>, creating the impression of a campus-wide requirement.<\/p>\n<\/li>\n<li data-section-id=\"1d0fwp7\" data-start=\"878\" data-end=\"973\">\n<p data-start=\"880\" data-end=\"973\"><strong data-start=\"880\" data-end=\"931\">Includes a call-to-action link labeled \u201cBegin,\u201d<\/strong> prompting users to take immediate action.<\/p>\n<\/li>\n<\/ul>\n<h2 data-section-id=\"1yozltx\" data-start=\"975\" data-end=\"1003\">How We Know It\u2019s a Phish<\/h2>\n<p data-start=\"1004\" data-end=\"1075\">There are several red flags that reveal this message is not legitimate:<\/p>\n<ul data-start=\"1077\" data-end=\"1538\">\n<li data-section-id=\"1f8f610\" data-start=\"1077\" data-end=\"1162\">\n<p data-start=\"1079\" data-end=\"1162\"><strong data-start=\"1079\" data-end=\"1123\">The email comes from an external address<\/strong>, not an official Montclair account.<\/p>\n<\/li>\n<li data-section-id=\"1myccr1\" data-start=\"1163\" data-end=\"1299\">\n<p data-start=\"1165\" data-end=\"1299\"><strong data-start=\"1165\" data-end=\"1227\">The sender name was changed to appear as the IT department<\/strong>, even though the underlying email address is not from the university.<\/p>\n<\/li>\n<li data-section-id=\"gmik7r\" data-start=\"1300\" data-end=\"1429\">\n<p data-start=\"1302\" data-end=\"1429\"><strong data-start=\"1302\" data-end=\"1372\">The message directs users to a login page through an embedded link<\/strong>, which is a common tactic used to capture credentials.<\/p>\n<\/li>\n<li data-section-id=\"9olxg2\" data-start=\"1430\" data-end=\"1538\">\n<p data-start=\"1432\" data-end=\"1538\"><strong data-start=\"1432\" data-end=\"1467\">The wording is vague and urgent<\/strong>, lacking the details typically included in official IT communications.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1540\" data-end=\"1641\">Legitimate IT updates will never ask you to verify your password through an unexpected external link.<\/p>\n<h2 data-section-id=\"1pgip2\" data-start=\"1643\" data-end=\"1681\">What Happens If You Click the Link<\/h2>\n<p data-start=\"1682\" data-end=\"1820\">If users interact with the link in the email, they are taken to <strong data-start=\"1746\" data-end=\"1819\">a fake login page designed to look like the university\u2019s sign-in page<\/strong>.<\/p>\n<p data-start=\"1822\" data-end=\"1906\">If credentials are entered on this page, attackers can capture them and potentially:<\/p>\n<ul data-start=\"1908\" data-end=\"2108\">\n<li data-section-id=\"sppts7\" data-start=\"1908\" data-end=\"1954\">\n<p data-start=\"1910\" data-end=\"1954\">Access the user\u2019s Montclair email account<\/p>\n<\/li>\n<li data-section-id=\"1d6507m\" data-start=\"1955\" data-end=\"2010\">\n<p data-start=\"1957\" data-end=\"2010\">Send phishing messages from the compromised account<\/p>\n<\/li>\n<li data-section-id=\"1p30sqj\" data-start=\"2011\" data-end=\"2055\">\n<p data-start=\"2013\" data-end=\"2055\">Access sensitive communications or files<\/p>\n<\/li>\n<li data-section-id=\"uom8nq\" data-start=\"2056\" data-end=\"2108\">\n<p data-start=\"2058\" data-end=\"2108\">Attempt to gain access to other university systems<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2110\" data-end=\"2188\">Compromised accounts are often used to continue phishing others across campus.<\/p>\n<h2 data-section-id=\"qlfxb0\" data-start=\"2190\" data-end=\"2204\">What To Do<\/h2>\n<p data-start=\"2205\" data-end=\"2231\">If you receive this email:<\/p>\n<ul data-start=\"2233\" data-end=\"2425\">\n<li data-section-id=\"1sb5095\" data-start=\"2233\" data-end=\"2287\">\n<p data-start=\"2235\" data-end=\"2287\"><strong data-start=\"2235\" data-end=\"2285\">Do not click the link or reply to the message.<\/strong><\/p>\n<\/li>\n<li data-section-id=\"ycpsmu\" data-start=\"2288\" data-end=\"2383\">\n<p data-start=\"2290\" data-end=\"2383\"><strong data-start=\"2290\" data-end=\"2381\">Report the email using the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Button<\/a>.<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2427\" data-end=\"2487\">If you already clicked the link or entered your credentials:<\/p>\n<ul data-start=\"2489\" data-end=\"2615\">\n<li data-section-id=\"1r33qdq\" data-start=\"2489\" data-end=\"2541\">\n<p data-start=\"2491\" data-end=\"2541\"><strong data-start=\"2491\" data-end=\"2539\">Change your <a href=\"https:\/\/iams-amc.montclair.edu\/page-intro\">password<\/a> immediately.<\/strong><\/p>\n<\/li>\n<\/ul>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li><strong>Remember<\/strong><strong>:<\/strong>\u00a0Information Technology will never text you. We will also never request your password or Duo codes,\u00a0<strong>ever<\/strong>.<\/li>\n<li>Information Technology will\u00a0<strong data-start=\"1865\" data-end=\"1872\">not<\/strong>\u00a0ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.<\/li>\n<li>Do you think you\u2019ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at\u00a0<a href=\"tel:973-655-7971\" class=\"\"><span class=\"a11y-phone-number initialized\" aria-label=\"9 7 3 6 5 5 79 71 \">973-655-7971<\/span><\/a>\u00a0option 1 or email\u00a0<a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button (PAB)<\/a>\u00a0to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to\u00a0<a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the \u201chover over\u201d technique to check web links before clicking! For more security tips please visit our\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a>\u00a0page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>How It Looks Legitimate Attackers often copy familiar language and formatting to make their messages look official. In this case, the email: Impersonates the IT department by using \u201cIT Service Desk\u201d as the sender name and in the signature. References email security changes, which can sound like a normal IT update. Targets all university employees, [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1500,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1499"}],"version-history":[{"count":3,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1499\/revisions"}],"predecessor-version":[{"id":1504,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1499\/revisions\/1504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1500"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}