Why this looks valid
- The message appears to be from Vassar College.
- The explanation in the email seems legitimate.
Why this is phishing
- The originating email address is not from an internal Vassar account.
- Before you can take the survey, the website asks for a password through a login screen that does not resemble any Vassar College service.
- The login screen is branded as “US Oncology Network Employee Authentication”.
- Any survey sent from HR or the President’s Office is preceded by an announcement email that clearly states where the survey is from and when it will be received; in this case no such initial email was sent.
Additional notes
- We’ve seen this one before. Criminals attempt the same tactics many times. Check this post from 2017: https://pages.vassar.edu/catchoftheday/2017/10/30/employee-engagement-feedback/
- This is an extremely dangerous phishing attempt. If you clicked on this link and submitted your password, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu.
- Always examine the link! Look at the information in your web browser to determine whether or not the site you are directed to is a Vassar site or an unknown (or suspicious) one.
- Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
- Did you know: the best way to protect your accounts is by using multi-factor authentication. See our recent post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/