The email appears to be from an actual Vassar user.
The Vassar post office sends notifications regarding packages.
The link redirects to a page that resembles Dropbox, a file sharing service that Vassar does use.
Why this is phishing
A valid Vassar post office package notification does not contain any links or require a login to view package details.
The link in the email does not go to a Vassar site or any other service related to Vassar.
No Vassar College service login page asks for a phone number as part of authentication.
Pages that ask a user to select their provider for login are usually phishing attempts.
Grammar errors, spelling errors, and generic salutations and sign-offs are usually indicative of a suspicious email.
Additional notes
This is an extremely dangerous Phishing attempt. If you clicked on this link and may have completed the form, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu
A phone call to the alleged sender would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
