The email comes from a valid user at Vassar College.
This user may be a colleague, student, or someone you know well at the college.
Vassar users will often send documents to one another via email.
Clicking the attachment leads to a new website that looks exactly like the Google login, leading users to believe that authentication to Google Drive is required to view it.
Why this is phishing
The website is not Google – the URL bar is clearly not the correct website (see screenshot).
The email message is empty with no greeting or other information.
When viewing a Google email message through a computer web browser, clicking an attachment would never launch a new login screen.
Making an image appear to look like a Word document is meant to trick you into going to the phishing site.
Additional notes
This is an extremely dangerous Phishing attempt. If you clicked on this link and may have completed the form, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu
Always examine the link! Look at the information in your web browser to determine whether or not the site you are directed to is a Vassar site or an unknown (or suspicious) one.
A phone call to the alleged sender would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
A little paranoia goes a long way! Be suspicious of any email messages similar to this one.