Why this looks valid
- The email appears to be from an IT Help Desk account
- The email presents itself as a standard Google Drive share, which community members use frequently
Why this is phishing
- The from address is gmail.com and is clearly not from a Vassar College email address
- The shared document just has an outgoing link to another sign-in form
- The sign-in screen looked like a Microsoft login but is not the standard Vassar College login for these services
Additional notes
- This is an extremely dangerous phishing attempt. If you clicked on this link and filled in your credentials, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu.
- Remember: our core services including Google, Workday, Moodle, Office365, Dropbox, and many others are only available through our VassarOne single-sign-on platform. If you see a login screen that does not look like ours, don’t put in your credentials!
- Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
- The shared document has a convenient link that says “report abuse”. The more people who report this phishing the more likely it is to get removed.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
- Did you know: the best way to protect your accounts is by using multi-factor authentication. See our post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/