{"id":1242,"date":"2025-12-12T11:09:34","date_gmt":"2025-12-12T16:09:34","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1242"},"modified":"2026-02-16T13:20:45","modified_gmt":"2026-02-16T18:20:45","slug":"evaluation-season-has-begun-your-review-is-needed","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2025\/12\/12\/evaluation-season-has-begun-your-review-is-needed\/","title":{"rendered":"Evaluation Season Has Begun- Your Review Is Needed"},"content":{"rendered":"<h2>\u00a0<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.montclair.edu\/phish-files\/wp-content\/uploads\/sites\/290\/2025\/12\/evaluation-2025-phish-landing.png\" alt=\"Screenshot of the fake form being utilized for the evaluation phish.\" width=\"755\" height=\"886\" \/><\/h2>\n<h2>Why this looks valid:<\/h2>\n<ul>\n<li>\n<p data-path-to-node=\"7,0,0\"><strong>Professional Tone and Language:<\/strong> The email uses formal, corporate-sounding language.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"7,1,0\"><strong>Contextually Relevant Subject:<\/strong> It ties the request to a normal, mandatory business process\u2014the <strong>Annual Employee Performance Evaluation<\/strong>\u2014which employees are conditioned to expect and complete.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"7,2,0\"><strong>Clear Business Purpose:<\/strong> The email clearly states why the user must take action.<\/p>\n<\/li>\n<\/ul>\n<h2>Why this is phishing:<\/h2>\n<ul>\n<li data-path-to-node=\"7,0,1,0,0\"><strong>Sender Not in Domain: <\/strong>An official, mandatory internal evaluation must come from an email address within our domain or Workday,\u00a0not an external sender.<\/li>\n<li data-path-to-node=\"7,0,1,0,0\"><strong>Requesting Credentials on a Google Form: <\/strong>This is the <strong>definitive sign of a scam\/credential harvest.<\/strong> Montclair will <strong>NEVER<\/strong> use an unsecured, public platform like Google Forms to collect sensitive 
information like your password. Logins are always handled through secure, internal portals.<\/li>\n<li data-path-to-node=\"7,0,1,0,0\"><strong>Vague Sign-Off: <\/strong>The email is missing a crucial element: <strong>who sent it?<\/strong><\/li>\n<\/ul>\n<h2 data-path-to-node=\"11\">User Guidance Summary: Protect Your Credentials<\/h2>\n<p data-path-to-node=\"12\">When reviewing any internal communication, advise your users to follow this simple checklist:<\/p>\n<ol start=\"1\" data-path-to-node=\"13\">\n<li>\n<p data-path-to-node=\"13,0,0\"><strong>Check the Sender&#8217;s Email Address: Is the domain correct?<\/strong> \u00a0If it&#8217;s outside our domain, it is likely a scam.<\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"13,1,0\"><strong>Verify the Login Method: DO NOT<\/strong> enter your company email and password into any form (Google, Microsoft, etc.) that isn&#8217;t your recognized, official company login screen. <strong>Internal forms should never require your password.<\/strong><\/p>\n<\/li>\n<li>\n<p data-path-to-node=\"13,2,0\"><strong>Check the Sign-Off:<\/strong> If the email doesn&#8217;t clearly name the person or department responsible, be suspicious.<\/p>\n<ul data-path-to-node=\"13\">\n<li><strong>Quick Tip:<\/strong> Does the person signing off make sense? Does Joe Smith work at Montclair? Is Joe part of the department signing off? Do the sender and signature make sense?<\/li>\n<\/ul>\n<\/li>\n<li>\n<p data-path-to-node=\"13,2,0\"><strong>Verify with a Known Channel: <\/strong>If in doubt, <strong>do not reply or click the link. <\/strong>Instead, open a new email and message a known HR representative or your supervisor to verify the request.<\/p>\n<\/li>\n<\/ol>\n<h2>Additional Notes:<\/h2>\n<ul>\n<li>Do you think you&#8217;ve fallen for a scam? Did you share personal information? Did you download malicious content? 
Please contact the IT Service Desk at <a href=\"tel:973-655-7971\">973-655-7971<\/a>\u00a0option 1 or email <a href=\"mailto:itservicedesk@montclair.edu\">itservicedesk@montclair.edu<\/a>.<\/li>\n<li>Use the <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">KnowBe4 Phish Alert Button (PAB)<\/a> to report malicious emails directly to the Information Security team for review. If you are not using the Gmail client, please forward the email to <a href=\"mailto:phishfiles@montclair.edu\">phishfiles@montclair.edu<\/a>.<\/li>\n<li>Always use the &#8220;hover over&#8221; technique to check web links before clicking! For more security tips, please visit our <a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/security-tips\/\">Security Tips<\/a> page.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0 Why this looks valid: Professional Tone and Language: The email uses formal, corporate-sounding language Contextually Relevant Subject: It ties the request to a normal, mandatory business process\u2014the Annual Employee Performance Evaluation\u2014which employees are conditioned to expect and complete. 
Clear Business Purpose: The email clearly states why the user must take action Why this is [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":1243,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1242","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1242"}],"version-history":[{"count":3,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1242\/revisions"}],"predecessor-version":[{"id":1383,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1242\/revisions\/1383"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/1243"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}