A few users have reported this event invitation phishing email that is making the rounds. The email comes from an Gmail account and is very vague about this invite. Hovering over the link shows an unusual URL that doesn’t relate to any commonly used invitation platforms. Clicking the link will lead to a Cloudflare captcha… Continue Reading
Announcements Archive
[PHISH] Employee Performance EvaIuation
We received reports this morning regarding a phish claiming to be an employee evaluation. The email came from a .edu domain but not a TCNJ address, and hovering over the link shows an unusual URL that would not typically be used to share files at TCNJ. Please always look for these signs before interacting with… Continue Reading
[PHISH] [SEND SECURE] Aetna ERA/EFT Cliams #0087710 – Attention Required – tcnj.edu
We were notified this morning regarding an email that is impersonating an Aetna claims email. The email address is not associated with Aetna nor is the link contained within the email. Clicking the link within the email will take you to another domain, also not Aetna related, which is a fake Sharepoint login page. Attempting… Continue Reading
[PHISH] talkk too shared “The College of New Jersey Promotion Approval” with you
We received reports this morning about a Sharepoint phish going around. The email does come from Microsoft’s Sharepoint mailservers, but looking more closely at the email we can see the company whose Sharepoint was compromised in order to launch this attack. See the circle areas in the screenshots below. Be sure to thoroughly read these… Continue Reading
[PHISH] Signature Request: Contract #RO-2018-894 – (March 16, 2026)
We’ve received reports this morning about another phishing campaign imitating our legal team. This one appears to be a contract renewal document, but the email sender address is not a DocuSign address. Even if it were, attackers often use DocuSign to host malicious documents containing additional links to evade detection. The word “Tcnj” is not… Continue Reading
[PHISH] Message From The college of new jersey_HR
We received reports of a QR code phishing attack earlier today imitating our HR department. The email contained no body and was merely and attachment that attempted to look like a formal TCNJ document. There are a number of markers within, such as odd wording, the use of the word “Corporate” in relation to policies,… Continue Reading
[PHISH] An Exclusive Invitation Just For You
We have received reports of an attack this morning that unfortunately succeeded in compromising at least one TCNJ account, which the attacker then utilized to send more emails and add a level of legitimacy to the appearance of the email. This is an unsolicited invitation email that, upon clicking the link contained within, will lead… Continue Reading
[PHISH] Item shared with you: “-TCNJ- Important Classification Compensation and Benefit System”
An employee impersonation email is making the round this morning. Attacker is leveraging the Google Forms environment to send a fake compensation document out. By using the Google infrastructure it appears legitimate and gets past any initial filters. Notice in the email body however the senders true email address is revealed. Please be thorough when… Continue Reading
[PHISH] Payment Request for new Invoice
We are seeing another round of emails impersonating President Bernstein this morning approving payments for fraudulent invoices. Please see email examples below. Note that despite the email addresses appearing in the email body as tcnj.edu addresses and blue links, if you hover over them (same as you would with URLs) in the bottom left the… Continue Reading
[PHISH] The College of New Jersey – Gusto Inc: Marketing Strategy Deployment
We received a few reports regarding a phishing email circulating that impersonates President Bernstein. In this novel attack, the sender is acting as the approver and including the false “initial email” and then copying people they think could initiate the transfer. Note that the sender’s email address is not President Bernstein’s TCNJ address, nor is… Continue Reading
[PHISH] Complete with Docusign: tcnj.edu Payments MSA Agreement – username.789901-01).docx
We received a report of a new DocuSign phishing email making the rounds. Note that the sender is not docusign.com and the link points to ad.doubleclick.net and not docusign.com. This is a tactic attackers use to obfuscate and redirect to a different landing page. See examples below. The landing page URL is not DocuSign or… Continue Reading
[PHISH] Action Required: Faculty MFA Enrollment
We received reports of an email targeting our users claiming to roll out MFA. TCNJ has used Duo MFA for some time now. Things to note regarding this attack: The sender address is not a tcnj.edu address. The link in the email points to a non tcnj.edu domain. The landing page contains no TCNJ branding… Continue Reading
[PHISH] EmpIoyee Performance EvaIuation
We received reports of an email sent to a number of users that claimed to contain employee performance evaluations. The email comes from an .edu address but not a TCNJ one, and uses language to indicate urgency. Also the link goes to a Jotform form imitating a login page. Also note the word “PASSWORD” is… Continue Reading
[PHISH] Hello, Review 2025 Salary Adjustment Payroll & Updated Team Benefit-Bonus_For Your Approval Ref:-I8eFAqdNgSV5P80J9SWYZIy3Kma62Y
We received a report regarding another phishing email that attempted to get users to scan a QR code to visit a malicious site that tries to harvest users’ credentials. See example below. Note that the email does not come from a TCNJ.edu address, as well as the odd capitalization used. Be cautious of unfamiliar emails… Continue Reading
[PHISH] Text Message About Closing Email Account
We have received reports that TCNJ users are receiving text messages claiming to be from the help desk about a request that the user close their school email address. The TCNJ help desk will not contact you about matters such as this via text message. Note in the screenshots below, the phone number does not… Continue Reading
[PHISH] July 2025 Salary Settlement_Approval Ref:-glY0Q4bUaNvfwrKclfGjyhoCYiubUB
We have received reports of a phishing email using a QR code to attempt to get users to follow a link to a fake Microsoft login page that will harvest user’s credentials. The email imitates TCNJ but does not come from a TCNJ email account. Scanning the QR code will lead to a fake captcha… Continue Reading
[PHISH] Review Completed: Tcnj management Settlement Agreement i
A phishing email utilizing an attachment with a QR code in it has been reported. The subject tries to engage the curiosity of the reader and prompt them to scan a QR code which leads to a malicious domain. This page will prompt the user to enter their credentials to view a document with the… Continue Reading
[PHISH] Salary Increment Letter – Effective June
We have received reports of a QR code phishing scheme claiming to contain details of a pay increase. Screenshots are below. The email utilizes an attachment that contains a QR code and prompts the user to scan it to view details. The link takes the user to a false Microsoft login page which prompts for… Continue Reading
[PHISH] Amended The College Of New Jersey Handbook Updated Policy
We received reports of a phishing email that claimed to contain an updated handbook for TCNJ. The email address of the sender is not a TCNJ address, which is a clear indicator that this is not legitimate. The attached PDF document contains a QR code that leads to a fake Microsoft login page; the URL… Continue Reading
[PHISH] Immediate Action Require: MFA System Upgrade
We received reports of an email utilizing a QR code attachment imitating TCNJ and warning of account lockout. Note the email did not come from a tcnj.edu email address and the entire email was an attachment. The QR code (if scanned) does not lead to a tcnj.edu website. Do not reply to the sender nor… Continue Reading
[PHISH] [TCNJ: Information Security Advisory] 2FA Authentication!
A number of users received a QR code phishing email this morning impersonating TCNJ. Note that the email originated from a Gmail account and not a TCNJ email address. The entire email body was an image rather than text, which attackers use to bypass filters. Do not scan the QR code. The landing page for… Continue Reading
[PHISH] Text Message Phish about Shutting Down Email
We’ve received some reports regarding another text message attack impersonating our help desk. Be aware our TCNJ Help Desk will not contact you via text message. You should also note that the area code of the phone number is outside the NJ area. Another point is that the attacker uses a sense of urgency in… Continue Reading
[PHISH] Chris Hann shared “HannWriting Inc.2025-03-18 14.07.29.pdf” with you
We are receiving reports of a phishing email utilizing Dropbox as a conduit to attempt to get users to download a malicious PDF. See example email below. Attackers often will use 3rd party services such as Dropbox to host malicious files and bypass spam filters. Be cautious of any file sharing links that you are… Continue Reading
[PHISH] Q1 Employee Handbook|Policy Reviews-88638-ZHDN-NHHD-UPQN
We have received reports about an attacker impersonating our HR department. See example email below. Note that the sender email address is not a tcnj.edu address. Hovering over the link also shows an unusual URL destination. The email also uses a TCNJ logo and enticing wording to attempt to lure people into clicking the link. … Continue Reading
[PHISH] You sent a payment (from PayPal)
We are receiving reports of a PayPal scam being sent to TCNJ users. The attacks leverage compromised PayPal accounts to send false money transfers and requests and include a false phone number to contact regarding the transfer. Note that the phone number substitutes digits for letters to attempt to evade filtering. Do not call this… Continue Reading