fall leaves
News and Events

ALERT: Phishing scam targeting Montclair users

Posted in: Information Security

Montclair’s IT team has been working with the Bloomfield College campus IT team since yesterday to address a spear phishing email campaign targeting Bloomfield student accounts. As of last evening, we have seen evidence that a similar spear phishing attack is now also including Montclair faculty, staff, and student email addresses.

*These messages are fraudulent and should be deleted immediately*

The pattern that we have seen thus far are suspicious emails from an @bloomfield.edu sender address with a Subject of “WARNING: Overdue Fee“, “PAST DUE NOTICE“, or “URGENT: Signature Needed“. The message contains either a link to an external payment site or a link to download a document.

As always, we ask that you remain diligent in looking for the obvious signs of a fraudulent email and/or links to suspicious external sites. As a reminder:

– Do not trust links in email or texts, unless you are confident that you know and trust the sender. From your computer, you can use your mouse pointer to hover over a link to view the actual web address which should appear at the bottom of the browser window or in a pop-up. If the link looks unrelated or suspicious, do not click on it.

– Do not trust attachments that are unexpected or that have a suspicious name or file extension. Call the sender first to verify the attachment.

– Do not trust emails or texts from sources that you do not know. Look at both the display name and the email address of the sender, and see if you recognize them. Also be suspicious of prevalent spelling and grammar errors, false information such as incorrect department names, and requests for personal information or credentials.

PLEASE NOTE: Information Technology and other administrative and academic units will NEVER under any circumstances ask you to provide your password, social security number, protected health information, or other personal information in an email. ANY email you receive asking for such information, regardless of the alleged source, should be considered fraudulent and deleted immediately.

We thank you for your continued diligence in recognizing and avoiding phishing scams. For additional information about identifying and protecting yourself against phishing scams please visit the IT web site at:

https://www.montclair.edu/information-technology/security/phishing/