Why this looks valid

• The email appears to be from an IT Help Desk account
• The email presents itself as a standard Sharepoint share, which community members use frequently

Why this is phishing

• The from address is sharepointonline.com and is clearly not from a Vassar College email address
• The shared document just has an outgoing link to another sign-in form
• The sign-in screen looked like a Microsoft login but is not the standard Vassar College login for these services

Additional notes

• This is an extremely dangerous phishing attempt. If you clicked on this link and filled in your credentials, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu.
• Remember:  our core services including Google, Workday, Moodle, Office365, Dropbox, and many others are only available through our VassarOne single-sign-on platform.  If you see a login screen that does not look like ours, don’t put in your credentials!
• Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
• Did you know: the best way to protect your accounts is by using multi-factor authentication. See our post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/