A few users have reported this event invitation phishing email that is making the rounds. The email comes from an Gmail account and is very vague about this invite. Hovering over the link shows an unusual URL that doesn’t relate to any commonly used invitation platforms. Clicking the link will lead to a Cloudflare captcha…
The Information Technology Security Program intends to protect Internet and Information Technology systems resources and assure their availability to support all of the College’s operations.
View our latest guidelines for Working Remotely
Join us at 10AM on the 2nd Friday of every month for a virtual informal cybersecurity discussion. Learn More
Cybersecurity Alerts
Get alerts about the latest cybersecurity threats and ask questions about any security related topics.
[PHISH] Employee Performance EvaIuation
We received reports this morning regarding a phish claiming to be an employee evaluation. The email came from a .edu domain but not a TCNJ address, and hovering over the link shows an unusual URL that would not typically be used to share files at TCNJ. Please always look for these signs before interacting with…
[PHISH] [SEND SECURE] Aetna ERA/EFT Cliams #0087710 – Attention Required – tcnj.edu
We were notified this morning regarding an email that is impersonating an Aetna claims email. The email address is not associated with Aetna nor is the link contained within the email. Clicking the link within the email will take you to another domain, also not Aetna related, which is a fake Sharepoint login page. Attempting…
[PHISH] talkk too shared “The College of New Jersey Promotion Approval” with you
We received reports this morning about a Sharepoint phish going around. The email does come from Microsoft’s Sharepoint mailservers, but looking more closely at the email we can see the company whose Sharepoint was compromised in order to launch this attack. See the circle areas in the screenshots below. Be sure to thoroughly read these…
[PHISH] Signature Request: Contract #RO-2018-894 – (March 16, 2026)
We’ve received reports this morning about another phishing campaign imitating our legal team. This one appears to be a contract renewal document, but the email sender address is not a DocuSign address. Even if it were, attackers often use DocuSign to host malicious documents containing additional links to evade detection. The word “Tcnj” is not…
[PHISH] Message From The college of new jersey_HR
We received reports of a QR code phishing attack earlier today imitating our HR department. The email contained no body and was merely and attachment that attempted to look like a formal TCNJ document. There are a number of markers within, such as odd wording, the use of the word “Corporate” in relation to policies,…
[PHISH] An Exclusive Invitation Just For You
We have received reports of an attack this morning that unfortunately succeeded in compromising at least one TCNJ account, which the attacker then utilized to send more emails and add a level of legitimacy to the appearance of the email. This is an unsolicited invitation email that, upon clicking the link contained within, will lead…
[PHISH] Item shared with you: “-TCNJ- Important Classification Compensation and Benefit System”
An employee impersonation email is making the round this morning. Attacker is leveraging the Google Forms environment to send a fake compensation document out. By using the Google infrastructure it appears legitimate and gets past any initial filters. Notice in the email body however the senders true email address is revealed. Please be thorough when…
[PHISH] Payment Request for new Invoice
We are seeing another round of emails impersonating President Bernstein this morning approving payments for fraudulent invoices. Please see email examples below. Note that despite the email addresses appearing in the email body as tcnj.edu addresses and blue links, if you hover over them (same as you would with URLs) in the bottom left the…
[PHISH] The College of New Jersey – Gusto Inc: Marketing Strategy Deployment
We received a few reports regarding a phishing email circulating that impersonates President Bernstein. In this novel attack, the sender is acting as the approver and including the false “initial email” and then copying people they think could initiate the transfer. Note that the sender’s email address is not President Bernstein’s TCNJ address, nor is…