{"id":1544,"date":"2026-03-26T15:26:47","date_gmt":"2026-03-26T19:26:47","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1544"},"modified":"2026-03-26T15:26:47","modified_gmt":"2026-03-26T19:26:47","slug":"your-performance-self-evaluation-is-available-for-your-review","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/03\/26\/your-performance-self-evaluation-is-available-for-your-review\/","title":{"rendered":"Your Performance Self-Evaluation Is Available for Your Review"},"content":{"rendered":"<h2 data-section-id=\"d2r8t1\" data-start=\"518\" data-end=\"544\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2026\/03\/Screenshot-2026-03-26-at-1.09.45-PM.png\" alt=\"The image shows a &quot;Let's prove you're human&quot; captcha screen with a &quot;Press and hold&quot; button, styled with an animated character.\" width=\"918\" height=\"413\" \/><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2026\/03\/Screenshot-2026-03-26-at-1.05.52-PM.png\" alt=\"The image shows a Google Sign-In page opened in a Firefox browser, prompting the user to enter their email or phone number.\" width=\"916\" height=\"451\" \/><\/p>\n<h2 data-section-id=\"d2r8t1\" data-start=\"518\" data-end=\"544\">Why This Looks Real<\/h2>\n<p data-start=\"546\" data-end=\"627\">This phishing email is especially convincing because it mimics real HR processes:<\/p>\n<ul data-start=\"629\" data-end=\"1198\">\n<li data-section-id=\"1gjra6r\" data-start=\"629\" data-end=\"748\"><strong data-start=\"631\" data-end=\"650\">Relevant timing<\/strong><br data-start=\"650\" data-end=\"653\" \/>Mentions of evaluation deadlines (like March 26th) align with real performance review cycles.<\/li>\n<li data-section-id=\"axgrot\" data-start=\"750\" data-end=\"892\"><strong data-start=\"752\" data-end=\"782\">Familiar system references<\/strong><br data-start=\"782\" data-end=\"785\" \/>The message references evaluation steps that resemble workflows in <span class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"><span class=\"whitespace-normal\">Workday<\/span><\/span>.<\/li>\n<li data-section-id=\"1popuf6\" data-start=\"894\" data-end=\"973\"><strong data-start=\"896\" data-end=\"915\">Personalization<\/strong><br data-start=\"915\" data-end=\"918\" \/>Includes your name to make the email feel legitimate.<\/li>\n<li data-section-id=\"1qpf6z2\" data-start=\"975\" data-end=\"1086\"><strong data-start=\"977\" data-end=\"998\">Professional tone<\/strong><br data-start=\"998\" data-end=\"1001\" \/>Uses structured language like \u201cSubmitted to Reviewer\u201d and \u201cSubmitted for Approval.\u201d<\/li>\n<li data-section-id=\"yb2wed\" data-start=\"1088\" data-end=\"1198\"><strong data-start=\"1090\" data-end=\"1113\">HR-style formatting<\/strong><br data-start=\"1113\" data-end=\"1116\" \/>Appears to come from an \u201cHR Admin\u201d with an official-looking notification format.<\/li>\n<\/ul>\n<h2 data-section-id=\"klxuch\" data-start=\"1205\" data-end=\"1228\">Why This Is Fake<\/h2>\n<p data-start=\"1230\" data-end=\"1288\">Despite looking legitimate, there are clear warning signs:<\/p>\n<ul data-start=\"1290\" data-end=\"1918\">\n<li data-section-id=\"13ej5dk\" data-start=\"1290\" data-end=\"1425\"><strong data-start=\"1292\" data-end=\"1311\">External sender<\/strong><br data-start=\"1311\" data-end=\"1314\" \/>The email comes from outside the university, even though HR communications should come from internal systems.<\/li>\n<li data-section-id=\"1gfihy1\" data-start=\"1427\" data-end=\"1519\"><strong data-start=\"1429\" data-end=\"1452\">Generic sender name<\/strong><br data-start=\"1452\" data-end=\"1455\" \/>\u201cHR Admin\u201d is vague and not tied to a real university contact.<\/li>\n<li data-section-id=\"1t62kya\" data-start=\"1521\" data-end=\"1691\"><strong data-start=\"1523\" data-end=\"1550\">Malicious link behavior<\/strong><br data-start=\"1550\" data-end=\"1553\" \/>The \u201cView Review\u201d link leads to:\n<ul data-start=\"1590\" data-end=\"1691\">\n<li data-section-id=\"wgwzxb\" data-start=\"1590\" data-end=\"1615\">A <strong data-start=\"1594\" data-end=\"1615\">fake CAPTCHA page<\/strong><\/li>\n<li data-section-id=\"1t43frs\" data-start=\"1618\" data-end=\"1691\">Followed by a <strong data-start=\"1634\" data-end=\"1656\">spoofed login page<\/strong> designed to steal your credentials<\/li>\n<\/ul>\n<\/li>\n<li data-section-id=\"6d52sm\" data-start=\"1693\" data-end=\"1815\"><strong data-start=\"1695\" data-end=\"1717\">Unexpected request<\/strong><br data-start=\"1717\" data-end=\"1720\" \/>Legitimate performance reviews are accessed directly through Workday\u2014not through email links.<\/li>\n<li data-section-id=\"ynwu78\" data-start=\"1817\" data-end=\"1918\"><strong data-start=\"1819\" data-end=\"1856\">No direct link to official system<\/strong><br data-start=\"1856\" data-end=\"1859\" \/>The URL does not match your institution\u2019s Workday domain.<\/li>\n<\/ul>\n<h2 data-section-id=\"1a8hm2w\" data-start=\"1925\" data-end=\"1949\">What You Should Do<\/h2>\n<p data-start=\"1951\" data-end=\"1979\">If you receive this message:<\/p>\n<ul data-start=\"1981\" data-end=\"2152\">\n<li data-section-id=\"nyf49t\" data-start=\"1981\" data-end=\"2008\">Do NOT click the link<\/li>\n<li data-section-id=\"1xid6k4\" data-start=\"2009\" data-end=\"2050\">Do NOT enter your login credentials<\/li>\n<li data-section-id=\"112wh0g\" data-start=\"2051\" data-end=\"2113\">Report it immediately using the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Button (PAB)<\/a><\/li>\n<\/ul>\n<p data-start=\"2154\" data-end=\"2205\">If you already clicked or entered your information:<\/p>\n<ul data-start=\"2207\" data-end=\"2357\">\n<li data-section-id=\"1vdifdw\" data-start=\"2207\" data-end=\"2245\">Change your password immediately<\/li>\n<li data-section-id=\"1wmneb1\" data-start=\"2246\" data-end=\"2309\">Report it via the PAB<\/li>\n<li data-section-id=\"7g27pj\" data-start=\"2310\" data-end=\"2357\">Monitor your account for unusual activity<\/li>\n<\/ul>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li><strong>Remember<\/strong><strong>:<\/strong>\u00a0Information Technology will never text you. We will also never request your password or Duo codes,\u00a0<strong>ever<\/strong>.<\/li>\n<li>Information Technology will\u00a0<strong data-start=\"1865\" data-end=\"1872\">not<\/strong>\u00a0ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.<\/li>\n<li>Do you think you\u2019ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at\u00a0<a href=\"tel:973-655-7971\" class=\"\"><span class=\"a11y-phone-number initialized\" aria-label=\"9 7 3  6 5 5  79 71 \">973-655-7971<\/span><\/a>\u00a0option 1 or email\u00a0<a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button (PAB)<\/a>\u00a0to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to\u00a0<a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the \u201chover over\u201d technique to check web links before clicking! For more security tips please visit our\u00a0<a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a>\u00a0page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Why This Looks Real This phishing email is especially convincing because it mimics real HR processes: Relevant timingMentions of evaluation deadlines (like March 26th) align with real performance review cycles. Familiar system referencesThe message references evaluation steps that resemble workflows in Workday. PersonalizationIncludes your name to make the email feel legitimate. Professional toneUses structured language [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1545,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1544"}],"version-history":[{"count":2,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1544\/revisions"}],"predecessor-version":[{"id":1549,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1544\/revisions\/1549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1545"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}