{"id":562,"date":"2025-05-16T09:00:16","date_gmt":"2025-05-16T13:00:16","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=562"},"modified":"2025-05-14T12:40:41","modified_gmt":"2025-05-14T16:40:41","slug":"looks-legit-feels-sketchy-the-deceptive-art-of-phishy-familiarity","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2025\/05\/16\/looks-legit-feels-sketchy-the-deceptive-art-of-phishy-familiarity\/","title":{"rendered":"Looks Legit, Feels Sketchy: The Deceptive Art of Phishy Familiarity"},"content":{"rendered":"<p><span style=\"font-weight: 400\">Phishing attacks are becoming more sophisticated\u2014and more convincing. One of the most effective tactics cybercriminals use is <\/span><strong>familiarity<\/strong><span style=\"font-weight: 400\">. They craft emails, forms, and websites to look like services you know and trust: your university, Google, or popular tech platforms. Their goal? Trick you into clicking, entering sensitive information, or downloading malicious content.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Here\u2019s how they do it\u2014and how you can protect yourself.<\/span><\/p>\n<h2>1. Mimicking University Branding<\/h2>\n<p><span style=\"font-weight: 400\">Attackers often impersonate university departments, faculty, or IT support. A phishing email may include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><strong>Official logos and signatures<\/strong><span style=\"font-weight: 400\"> copied from real university emails<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>\u201cFrom\u201d addresses<\/strong><span style=\"font-weight: 400\"> that look almost correct (e.g., <\/span><strong>helpdesk@montclair.edu<\/strong><span style=\"font-weight: 400\"> instead of <\/span><strong>itservicedesk@montclair.edu<\/strong><span style=\"font-weight: 400\">)<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Urgent language<\/strong><span style=\"font-weight: 400\"> like \u201cYour account will be deactivated\u201d or \u201cImmediate action required\u201d<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Links to fake login pages<\/strong><span style=\"font-weight: 400\"> designed to steal your NetID and password<\/span><\/li>\n<\/ul>\n<p><strong>Example:<\/strong><\/p>\n<p><span style=\"font-weight: 400\">Subject: \u201cURGENT: Account Access Suspended\u201d<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\"> From: helpdesk-support@universty.edu<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cDue to recent activity, your university email account has been flagged. Please verify your identity here: [Fake URL]\u201d<\/span><\/p>\n<p><strong>Tip:<\/strong><span style=\"font-weight: 400\"> Hover over links to see where they really go before clicking. If in doubt, go to the MSU website directly.<\/span><\/p>\n<p style=\"text-align: center\"><span style=\"color: #000000\"><strong>ÌÇÐÄvlog will never ask for your password or personal information via email. Always verify the sender&#8217;s email address before clicking on links or opening attachments.<\/strong><\/span><\/p>\n<h2>2. Misusing Google Forms and Docs<\/h2>\n<p><span style=\"font-weight: 400\">Google Forms are a tool many students and staff use for surveys, RSVPs, and class collaboration. Attackers know this\u2014and they use it to their advantage.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><strong>Fake surveys<\/strong><span style=\"font-weight: 400\"> that appear to come from your professor or department<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>\u201cScholarship\u201d or \u201cJob offer\u201d forms<\/strong><span style=\"font-weight: 400\"> asking for your login or personal info<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Docs shared via email<\/strong><span style=\"font-weight: 400\"> that redirect to malicious websites<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Fake login pages<\/strong><span style=\"font-weight: 400\"> asking for your 2FA codes and login credentials<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><strong>Example:<\/strong><\/p>\n<p><span style=\"font-weight: 400\">\u201cDr. Smith has shared a document with you: <\/span><em><span style=\"font-weight: 400\">2025 Summer Internship Opportunities<\/span><\/em><i><span style=\"font-weight: 400\"><br \/>\n<\/span><\/i><span style=\"font-weight: 400\"> Open here: [Google Docs link]\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400\">(The link opens a document with another link to a fake login page.)<\/span><\/p>\n<p><strong>Tip:<\/strong><span style=\"font-weight: 400\"> If a form or shared document asks for your username and password, that\u2019s a red flag. Google Forms should <\/span><strong>never<\/strong><span style=\"font-weight: 400\"> request your login credentials.<\/span><\/p>\n<h2>3. Using Real Service Names<\/h2>\n<p><span style=\"font-weight: 400\">Phishers regularly impersonate trusted tech platforms like:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><strong>Google (Gmail, Drive, Forms)<\/strong><\/li>\n<li style=\"font-weight: 400\"><strong>Microsoft (Outlook, OneDrive, Teams)<\/strong><\/li>\n<li style=\"font-weight: 400\"><strong>Zoom, Dropbox, Adobe, etc.<\/strong><br \/>\n<b><br \/>\n<\/b><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">They may send fake alerts about:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">\u201cNew login from an unknown device\u201d<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">\u201cYou\u2019ve reached your email storage limit\u201d<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">\u201cVoicemail waiting\u201d or \u201cShared document access\u201d<\/span><\/li>\n<\/ul>\n<p><strong>Example:<\/strong><\/p>\n<p><span style=\"font-weight: 400\">Subject: \u201c\u26a0 Your Google Account Storage Is Full\u201d<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\"> Body: \u201cYour Gmail storage has reached 99%. View and manage your files here: [Fake Link]\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400\">Even when the message looks like it\u2019s from Google, it may not be. Look for signs like poor grammar, suspicious links, or mismatched domains.<\/span><\/p>\n<p><strong>Tip:<\/strong><span style=\"font-weight: 400\"> Don\u2019t trust an email just because it says \u201cGoogle\u201d or \u201cMicrosoft.\u201d Always check where the link leads and verify alerts through your actual account.<\/span><\/p>\n<h2><strong>How to Protect Yourself<\/strong><\/h2>\n<ol>\n<li style=\"font-weight: 400\"><strong>Pause and think.<\/strong><span style=\"font-weight: 400\"> If something feels off, it probably is.<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Check the sender\u2019s address carefully.<\/strong><span style=\"font-weight: 400\"> Small changes can indicate a fake.<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Hover over links.<\/strong><span style=\"font-weight: 400\"> Don\u2019t click unless you\u2019re sure it\u2019s legitimate.<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Don\u2019t enter your password on unfamiliar pages.<\/strong><span style=\"font-weight: 400\"> If prompted unexpectedly, double-check by visiting the official site directly.<\/span><\/li>\n<li style=\"font-weight: 400\"><strong>Report suspicious messages.<\/strong><span style=\"font-weight: 400\"> Use the <\/span><strong><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">PAB button<\/a><\/strong><span style=\"font-weight: 400\"> to easily report. Can\u2019t find the PAB? Forward the email directly to <\/span><strong><a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a><\/strong><span style=\"font-weight: 400\">. <\/span><\/li>\n<\/ol>\n<h2><strong>If You\u2019re Ever Unsure, Ask Us<\/strong><\/h2>\n<p><span style=\"font-weight: 400\">Our <\/span><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/\">Information Security<\/a><span style=\"font-weight: 400\"> team is here to help. You can use the <\/span><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">PAB button<\/a><span style=\"font-weight: 400\"> or forward the email directly to <\/span><a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a><span style=\"font-weight: 400\">. We\u2019d rather check and confirm than have someone fall victim to a scam.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you have any questions or concerns, please feel free to <\/span><span style=\"font-weight: 400\">contact the <\/span><a href=\"https:\/\/www.montclair.edu\/information-technology\/it-service-desk\/\">IT Service Desk<\/a><span style=\"font-weight: 400\"> or your <\/span><strong><a href=\"https:\/\/www.montclair.edu\/information-technology\/it-service-desk\/academic-unit-support\/\">local academic technology team<\/a><\/strong><span style=\"font-weight: 400\">.<\/span><\/p>\n<p style=\"text-align: center\"><strong>Remember: Just because it looks familiar doesn\u2019t mean it\u2019s safe.<\/strong><\/p>\n<h2>Want To Know More?<\/h2>\n<p><span style=\"font-weight: 400\">Bleeping Computer | <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands\/?utm_source=chatgpt.com\">Massive phishing campaign uses 6,000 sites to impersonate 100 brands<\/a><\/span><\/p>\n<p><span style=\"font-weight: 400\">Check Point | <a href=\"https:\/\/blog.checkpoint.com\/research\/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10\/\">Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10<\/a><\/span><\/p>\n<p><span style=\"font-weight: 400\">Cisco Talos | <a href=\"https:\/\/blog.talosintelligence.com\/from-trust-to-trickery-brand-impersonation\">From trust to trickery: Brand impersonation over the email attack vector<\/a><br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phishing attacks are becoming more sophisticated\u2014and more convincing. One of the most effective tactics cybercriminals use is familiarity. They craft emails, forms, and websites to look like services you know and trust: your university, Google, or popular tech platforms. Their goal? Trick you into clicking, entering sensitive information, or downloading malicious content. Here\u2019s how they [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":222,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-562","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=562"}],"version-history":[{"count":4,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/562\/revisions"}],"predecessor-version":[{"id":566,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/562\/revisions\/566"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/222"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}