Why this looks valid

• The email appears to be from Elizabeth Bradley, the Vassar College president.
• The college is working on an all-campus Priorities and Planning initiative, which is similar to a Strategic Plan as noted in the subject line.

Why this is phishing

• The link that launches from the attached PDF does not go to a Vassar site or any other service related to Vassar.
• The outside link requires a generic “email id” login screen which does not resemble any Vassar College login screens.
• We’ve seen this one before! A very similar one was circulated in May, 2017: http://pages.vassar.edu/catchoftheday/2017/05/11/important-announcement-from-president-jonathan-l-chenette/

Additional notes

• This is an extremely dangerous Phishing attempt. If you clicked on this link and may have completed the form, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu
• Protect your accounts with multi-factor authentication!  If you do click on a phishing link and your Vassar credentials get compromised, attackers won’t be able to login:  http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/
• Always examine the link! Look at the information in your web browser to determine whether or not the site you are directed to is a Vassar site or an unknown (or suspicious) one.
• A phone call to the alleged sender would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
• Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.