Why this looks valid
- The email appears to be from a service desk account
- The email presents itself as a standard Google Drive share, which community members use frequently
Why this is phishing
- The from address contains gmail.com
- The shared PDF just has an outgoing link to another sign-in form
- The sign-in form is not a Vassar login screen
- Note that the form clearly states at the bottom “never give out your password”
Additional notes
- This is an extremely dangerous phishing attempt. If you clicked on this link and filled in your credentials, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu.
- Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
- The form has a convenient link that says “report abuse”. The more people who report this phishing form the more likely it is to get removed.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
- Did you know: the best way to protect your accounts is by using multi-factor authentication. See our post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/