Information Technology Division
Image of a circle

Phishing Information

Return to Information Security Home

Phishing is a type of scam designed to trick individuals into revealing personal information, such as credit card details, bank account numbers, Social Security numbers, or passwords. These scams often aim to install malware or compromise computer systems, leading to potential security risks.

Did you hear about the Phish Files? Check out our new site!

It’s the place to be when cyberspace gets a little phishy.

I provided personal information! What do I do?

      1. If you received the email via your MSU account, report it immediately to phishfiles@rpybbk.com or by using the Knowbe4 PAB.
      2. Was it banking information? If so, contact your bank immediately. Please note: If the scammer provides you with a fake check do not deposit it.
      3. Did you provide your Social Security Number (SSN) to a scammer? File a report with the Federal Trade Commission.
        • Have more questions about Fraud? Please visit the Federal Trade Commission Report Fraud page.
How do I report a phishing message?

      1. Forward the email or send screenshots to phishfiles@rpybbk.com.
        • If the scam you received was via text (smishing), please send screenshots of your text conversation.
      2. Use the Phishing Alert Button (PAB)
Types of Phishing Attacks

  • Spearphishing: Targets an individual by including key information about them
  • Whaling: Targeted at a high-profile individual to steal sensitive and high-value information
  • Vishing: Targeted via voice communication to entice the victim to engage in conversation and build trust
  • Smishing: Targeted via text messages to get the victim to click on a link, download files and applications, or begin a conversation

Want to see some examples of phishing? Visit the Phish Files for some real phish we’ve caught!

Tips for Identifying a Phishing Attack

  • Check the Sender – Look for strange or misspelled email addresses. If it seems off, don’t trust it.
    • Is the MSU user supposed to send you this? No? The account is most likely compromised.
  • Watch for Urgency – Scammers try to rush you with urgent messages like “Your account will be locked!”
  • Look for Bad Grammar & Spelling – Phishing emails often have typos or awkward wording.
  • Hover Over Links – Don’t click! Hover over links to see if they lead to a suspicious website.
    • From a computer, move your mouse pointer over a link without clicking. The actual web address of the link should appear at the bottom of the browser window or in a pop-up.
    • From a mobile device running iOS (Apple) or an Android OS, you can evaluate embedded links by pressing and holding the link down with your finger or stylus. A pop up dialog should appear and then let go. The dialog should show the full URL of the embedded link and other options.
  • Verify Unexpected Attachments – If you weren’t expecting an attachment, don’t open it—it could contain malware.
  • Weird Requests – Montclair State University will not ask for your Social Security Number (SSN) via email.
  • Call Me Request – Check a reference source such as company websites to obtain a phone number.
SPAM vs. Phishing - The Big Debate?

Spam = Annoying but mostly harmless. These are unwanted emails, often from marketers or shady senders, trying to sell you something (fake deals, miracle cures, etc.).

Phishing = Dangerous and deceptive. These emails try to trick you into giving up personal info (passwords, credit card details) or clicking malicious links that install malware.

How to Tell the Difference:
Spam → Usually just junk, like excessive ads or sketchy promotions.
⚠️ Phishing → Pretends to be from a trusted source (your bank, school, or a service you use) and pressures you to take action (click, log in, or provide info).

Bottom Line: Spam is annoying; phishing is a scam. If an email asks for sensitive info or seems too urgent, don’t click—report it!

Still unsure about the big debate? Check out the Phish Files for recent active phish that have hit campus!