Chief Human Resources
Posted in: Spear Phishing
Why this looks valid:
- Urgency & Importance: It uses professional language regarding “accurate recordkeeping” and “University guidelines.”
- Personalization: It includes a fake “Reference ID” to make the document seem specific to you.
- Internal Domain: The email may appear to come from a montclair.edu address, making it seem “safe” at first glance.
Why this is phishing:
- Sender Mismatch: While the display name says “Chief Human Resources,” the actual sender address is a random user within the domain who is not affiliated with HR.
- Spoofed Subject Line: The subject line contains a manually typed email address (humanresources@montclair.edu) to mask the true sender.
- Identity Error: The person named in the signature, Bernadette Bascom, is not the Chief Human Resources Officer for our institution.
- Suspicious Link: HR will typically direct you to log in directly through the official Workday portal rather than providing a direct link to a “Statement” in an unsolicited email.
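The four indicators above are mechanical enough to check automatically. The script below is an added example, not part of this bulletin or of any Montclair State tooling: it parses a raw message and reports which indicators are present. The sample message is constructed to resemble the one described, and the HR mailbox allow-list, the official portal hosts and the internal domain are assumed values that a real deployment would take from its own directory.

```python
"""Flag the spear-phishing indicators described in the bulletin on a raw email."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values: mailboxes allowed to present themselves as HR, the hosts
# an HR email should point staff to, and the institution's own domain.
HR_MAILBOXES = {"humanresources@montclair.edu"}
OFFICIAL_HOSTS = {"montclair.edu", "myworkday.com"}
INTERNAL_DOMAIN = "montclair.edu"

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r'https?://[^\s>")]+')

# Constructed sample resembling the message the bulletin describes.
SAMPLE_EML = """\
From: "Chief Human Resources" <random.user42@montclair.edu>
To: staff@montclair.edu
Subject: humanresources@montclair.edu - Your 2024 Compensation Statement
Content-Type: text/plain; charset=utf-8

Per University guidelines and for accurate recordkeeping, please review
your statement. Reference ID: HR-4471-22

View Your Compensation Statement: https://hr-portal-login.example.net/statement

Bernadette Bascom
Chief Human Resources Officer
"""


def host_is_official(url):
    """True if the link host is an official portal or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)


def phishing_indicators(raw):
    """Return the indicator names found in a raw RFC 5322 message, in check order."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # Sender mismatch: HR branding in the display name, but the actual
    # address is not one of the known HR mailboxes.
    if "human resources" in display.lower() and addr not in HR_MAILBOXES:
        findings.append("sender_mismatch")
        # An internal address lends the mismatch false legitimacy; note it.
        if addr.endswith("@" + INTERNAL_DOMAIN):
            findings.append("internal_domain_abused")

    # Spoofed subject: an email address typed into the subject line.
    if EMAIL_RE.search(msg.get("Subject", "")):
        findings.append("address_in_subject")

    # Suspicious link: any URL in the text body that is not an official portal.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if any(not host_is_official(u) for u in URL_RE.findall(text)):
        findings.append("external_link")

    return findings


if __name__ == "__main__":
    for name in phishing_indicators(SAMPLE_EML):
        print("indicator:", name)
```

The signature check (Bernadette Bascom is not the Chief HR Officer) is deliberately left out: it needs an authoritative roster of officers, which belongs in a directory lookup rather than a regular expression. Run on the sample, the script reports all four remaining indicators; a genuine HR message from an allow-listed mailbox with a montclair.edu link reports none.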
Immediate Steps to Take
- Do Not Click: If you receive this email, do not click the “View Your Compensation Statement” link.
- Report It: Use the Phish Alert Button (PAB) to report this email directly to Information Security.
- Verify Sources: Always navigate to official portals (like Workday) via your bookmarks or the university homepage rather than clicking links in emails.
If You Already Clicked or Entered Credentials
If you clicked the link and entered your login information, please take the following actions immediately:
- Duo Alerts: If you begin receiving suspicious or unexpected Duo push requests, deny them and reset your password immediately. This indicates an attacker is actively trying to use your stolen credentials.
- Workday Monitoring: Check your Workday account for any unauthorized changes, specifically regarding your banking information or direct deposit settings.
- Contact Us: If you see any unusual activity or receive unexpected emails about changes to your account, use the Phish Alert Button (PAB) and contact HR immediately.
Additional Notes:
- Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
- Use the KnowBe4 Phish Alert Button (PAB) to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to phishfiles@montclair.edu.
- Always use the “hover over” technique to check web links before clicking! For more security tips, please visit our Security Tips page.