Why This Email May Look Legitimate

• Use of Official Names: The email mentions BMTX (BankMobile), a service many universities actually use for disbursements.

• Specific Dollar Amounts: Using a precise figure like $1,367.64 creates a sense of realism and urgency.

• Professional Formatting: It includes standard boilerplate language about “Identity Theft” and “Customer Service” to mimic a security-conscious organization.

Signs This Email Is Phishing

• Generic Greeting: Addressing the recipient as “Dear Student” instead of using a specific name is a major red flag for official financial communications.

• External Senders: The email originates from non-university addresses and non-BMTX domains.

• Nonsensical Procedures: The email asks you to update information with the IT Department to receive Financial Department funds. In a real scenario, the IT department does not handle student banking or tuition refunds.

• Hosted on Public Forms: The link leads to a Microsoft Forms page. Official banking or university business will always be conducted through a secure, proprietary portal, never a free public form tool (like Google Forms or Microsoft Forms).

• Punctuation and Grammar: Random capitalization (e.g., “All funds,” “Verify and Update”) and awkward phrasing are common in phishing templates.

Risks of Clicking the Link

If you click the link and fill out the form, you are handing your sensitive data directly to cybercriminals.

Risks include:

• Financial Theft: Providing your banking information allows attackers to drain your accounts.

• Identity Theft: Providing your name, phone number, and password can be used to hijack your university account or open fraudulent credit lines.

• Credential Harvesting: If you use the same password for this “form” as you do for your university login, attackers can gain access to your student records and personal emails.

What Should You Do?

1. Do not click any links or provide any information.

2. Report the email via the Knowbe4 Phish Alert Button (PAB).

3. Do听not approve any Duo MFA requests you did not initiate.

Additional Notes

• Remember:听Information Technology will never text you. We will also never request your password or Duo codes,听ever.
• Information Technology will听not听ask you to verify accounts or submit passwords through unofficial forms or unexpected email links.
• Do you think you鈥檝e fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at听973-655-7971听option 1 or email听itservicedesk@montclair.edu.
• Use the听Knowbe4 Phish Alert Button (PAB)听to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to听phishfiles@montclair.edu.
• Always use the 鈥渉over over鈥� technique to check web links before clicking! For more security tips please visit our听Security Tips听page.

Why this looks valid:

• 听Trusted Sender: It comes from a @montclair.edu email address, making it look like a real internal message from the university.
• Great Deal: It offers an easy, work-from-home job with high pay, appealing directly to users who need money and flexible hours.
• Pressure to Act: It uses urgent language (“Don’t miss out”) to make you click the link fast before you stop to check if it’s real.

Why this is phishing?

• Inconsistent Pay: The email states “$550” and “($300.25)” in the same line. Legitimate job offers do not have contradictory pay rates.

• Vague Job Details: The job is described generically as “fun, rewarding, and flexible” with no mention of specific duties, the hiring department, or the actual position title.

• Unprofessional Contact: It directs you to apply via a link and wait for a text from a generic name.

• Suspicious Link: A legitimate university job would link to an official HR portal, not a generic, unsecured “CLICK HERE TO APPLY NOW” link.

• Poor Grammar/Formatting: The capitalization, excessive spacing, and overly informal tone are typical hallmarks of mass phishing attempts.

• Urgency and Pressure: The language is designed to create a panicked sense of urgency (“Don’t miss out”) to make you click without thinking.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Use the Knowbe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client please forward the email to phishfiles@montclair.edu.
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

• Sender is a 精品成人福利在线 University email address

Why this is phishing?

• Email attempts to get users to contact someone via text message to transition the attack away from email to continue the attack.
• Email is too good to be true.
• Attacker will switch to a text conversation to get the victim to provide money for shipping.
• Attacker uses the line, “THIS EMAIL WILL BE AUTOMATICALLY REMOVED FROM YOUR INBOX ONCE ALL REQUESTED ITEMS HAVE BEEN SENT OUT.” This is to causes a sense of urgency for you to ACT FAST.听

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Why this looks valid:

• Provides what looks to be realistic job information
• Email body states it’s coming from a foundation

Why this is phishing?

• Multiple subject line(s), sender(s), and link(s).
  • Congratulations
  • Earn Remotely
  • Urgent Update
  • Earn $ Working Remotely
  • FYI
  • Re:FYI
  • Re:Earn 350 a week
• Email address is a random external sender.
• Link is to a Google Form asking for information
  • 听Never provide your password(s) or Duo MFA code(s) to anyone, including Information Technology. We will never ask you.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Why this looks valid:

• Sender is coming from an 精品成人福利在线 University account. (Compromised Account)
• Email says it’s coming from the recruitment office.

Why this is phishing?

• All jobs available at 精品成人福利在线 University will be posted on Handshake via Career Services.
• Too good to be true email trying to get users to provide personal information.
• Google Form asks for personal information including your credit limit, banking information and your home address.
• Email informs the victim to contact a random external email address. This is done to avoid our systems from detecting them.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

• Has 精品成人福利在线 University logo.
• Has the MSU location.
• States to email a faculty member on a personal email address.

Why this is phishing?

• Sender changes with each send and are external
• Attacker points user to an external email address and then an additional email address.
• All job offers at MSU go through Handshake.
• Office of Job Placement and Student Services is not legitimate.
• Additional subjects are seen.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Information Security has received reports of a new phishing campaign targeting members of our campus community. Attackers are impersonating faculty, staff, and other trusted individuals by email and asking recipients to share their personal phone numbers. These messages are often brief and vague, such as:

“What鈥檚 your cell phone number?”

These emails are designed to seem urgent and personal, creating a false sense of trust by using the names and email formats of real campus members鈥攕ometimes even spoofing display names to match known contacts.

Alert: This is the start of a gift card smishing attack

Once a victim replies with their phone number, the attacker typically follows up via text message (SMS). The next stage often involves a request to purchase gift cards (like Apple, Google Play, Steam or Amazon cards) under the pretense of a favor or emergency. Victims may be asked to take photos of the cards and send the codes back via text. This is known as a smishing (SMS phishing) attack.

How to Recognize and Respond to These Attacks:

• Unusual Requests: Legitimate university employees will not ask for your personal phone number or gift card purchases via email or text 
• Check the Email Address: Even if the name looks familiar, check if the sender’s email address matches the person’s real university address 
• Don’t Respond or Click: Do not reply to suspicious messages, provide your phone number, or click on links in these emails 
• Report It: Use the PAB button or forward the email/screenshots to phishfiles@montclair.edu 

What You Can Do:

• Stay Skeptical: If a request seems odd, especially if it involves urgency, secrecy, or money鈥攙erify it through another channel 
• Protect Your Info: Never give out your personal contact details, passwords, or payment information in response to unsolicited emails or texts 
• Let Spam Stay Spam: Let Google do the heavy lifting and keep Spam messages in Spam

If You Fall For This Scam

• • Report the gift card scam: Contact the gift card company right away

• Ask for your money back: In some cases the gift card companies might give your money back

• Report It: Make sure to report it to the听

Want To Know More?

Federal Trade Commission |

CNBC |

Apple |

Google |

Why this looks valid:

• Email subject states it’s about financial aid disbursement
• Email attachment shows legitimate link used by Bank Mobile

Why this is phishing?

• Email is blank besides an attachment
• The sender’s email address(es) is/are external and not associated with Montclair
• When using the hover over method, you can see that the link within the attachment directs somewhere else
• Montclair/Bloomfield will never request your NetID and password. This tactic is being used to gain access to your account(s)
• Spelling Errors: In some sending the attacker spells disbursement incorrectly
• Subject consistently changes but contains any of the following: Bank Mobile, Disbursement, Financial Aid Department or Your $5,450.94 From 精品成人福利在线 University Is Awaiting For You From Bankmobile
• Sense of Urgency: “strictly adhere to and resolve it within 24 hours”.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

• Email name is coming from an MSU community member
• Email states someone is donating items
• Email has a legitimate faculty member in the body

Why this is phishing?

• Email has a vague greeting
• Email address is external
• Too good to be true situation
• Email body points to external email address use
• Random capitalization of letter throughout email (i.e. And Not With School Email)

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.

Why this looks valid:

• Email is coming from a compromised MSU account
• Email states it’s coming from a charity

Why this is phishing?

• Email has a vague greeting
• Email looks too good to be true
• Link is to a Google Form asking for personal information

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971听option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.