[Name] shared staff performance and evaluation forms

Why this looks valid:

• Email states that it is coming from a faculty/staff member that would have access to these type of files.
• Email links to a legitimate MSU email address within the body of the email.
• Link within email body links to a forms page supported by Microsoft 365.

Why this is phishing?

• Email is not coming from an official MSU email
• Link on form page is coming from another countries domain (i.e. .ru, .de, .jp, etc.)
• Once the link within the form page is accessed the user is prompted to authenticate via Google in order to gain access to the PDF containing a malicious payload.

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.