Why this looks valid

• The email appears to be from the CIS Service desk.
• The subject line is the same format as valid notifications from CIS.
• The message contains a screenshot from Vassar’s new single-sign-on service, VassarOne.

Why this is phishing

• The link that launches from the attached PDF does not go to a Vassar site or any other service related to Vassar.
• Official messages from Vassar departments would not ask a user to click on an outside link to read a message.
• The outside link requires a generic “email id” login screen which does not resemble any Vassar College login screens.
• Misspellings, grammar errors, and strange sentence constructions are often indicators of malicious emails.
• We’ve seen this one before!  This phishing attack works the same way as this one:  http://pages.vassar.edu/catchoftheday/2017/01/11/important-announcement-from-president-jon-chenette/

Additional notes

• This is an extremely dangerous Phishing attempt. If you clicked on this link and may have completed the form, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu
• Always examine the link! Look at the information in your web browser to determine whether or not the site you are directed to is a Vassar site or an unknown (or suspicious) one.
• A phone call to the alleged sender would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
• Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.