-
About
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15About
-
Academics
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Academics
-
Admission & Financial Aid
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Admission & Financial Aid
-
Student Life
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Student Life
- Athletics
An image of a letter being caught by a fishing pole with the text "Gone Phishing"
Why this looks valid
- The email includes a Marist logo
- The email says it is from Marist payroll
- The website looks exactly like the valid Marist College sign on page
- After entering credentials, it asks for a Duo passcode on a page that looks exactly like the Duo prompt
Why this is phishing
- The from address is not a marist.edu email
- The orange EXTERNAL EMAIL banner shows that it came from off-campus
- The Marist College sign-in page is not a marist.edu website
- The Duo page is not a duo.com website and does not allow any Duo authentication options except for a passcode
Additional notes
- This is an extremely dangerous phishing attempt. If you clicked on the link and filled in your Marist credentials and a Duo passcode, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu (please note that just clicking on the website is not harmful and poses no risk to your computer or information).
- How does this work? After putting in your Marist credentials, a new page asks for a Duo passcode. If you put in the passcode, attackers will use your Marist credentials to log into your Marist account, and input the Duo passcode in order to complete mutli-factor authentication. Since you have not actually used the code, the attacker can use it to get into your account.
- Spelling and grammatical errors are good indicators of malicious emails.
- Remember: always check the link. You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
- Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.