Why this looks valid

• The email appears to be from Marist College
• Employee Assistance Program portals are services often offered by Human Resources departments

Why this is phishing

• The from address in this case was a Marist user address but wasn't someone from Human Resources
• There is no branding or other indicators that this is a valid email
• The link goes to a form that is not hosted at Marist or on any approved collaboration services such as Microsoft Office Forms
• All Marist employee services are available on the My Marist HR tab
• The name signed on the email does not match the sender address.

Additional notes

• This is an extremely dangerous phishing attempt. If you click on a link and/or fill in your Marist credentials, please visit https://myaccount.marist.edu/react to reset your password. Please also contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu to let them know you entered credentials.
• Spelling and grammatical errors are good indicators of malicious emails.
• Remember:  always check the link.  You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
• Remember:  always verify Duo pushes were initiated by you. The attacker was able to get into user accounts after users willingly accepted pushes initiated by the attacker.
• Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.