The email appears to be from an actual Vassar user.
The email content is Vassar specific.
The Vassar post office sends similar notifications regarding packages.
The link redirects to a page that resembles Dropbox, a file sharing service that Vassar does use.
Why this is phishing
A valid Vassar post office package notification does not contain any links or require a login to view package details.
The link in the email does not go to a Vassar site or any other service related to Vassar.
The URL in the message redirects to a page that looks like a previous phishing attempt: Vassar College Merit Award
Pages that ask a user to select their provider for login are usually phishing attempts.
Additional notes
This is an extremely dangerous Phishing attempt. If you clicked on this link and may have completed the form, please contact the Service Desk immediately at x7224 or servicedesk@vassar.edu
A phone call to the alleged sender would quickly verify if this is a legitimate email. It only takes a few minutes to pick up the phone!
Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
