-
About
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15About
-
Academics
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Academics
-
Admission & Financial Aid
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Admission & Financial Aid
-
Student Life
First-Year Application Deadlines
Don't miss your chance to apply to Marist!
• Early Decision II and Regular Decision: Saturday, Feb. 15Student Life
- Athletics
An image of a letter being caught by a fishing pole with the text "Gone Phishing"
Why this looks valid
- The email appears to be from Marist College
- Employee Assistance Program portals are services often offered by Human Resources departments
Why this is phishing
- The from address in this case was a Marist user address but wasn't someone from Human Resources
- There is no branding or other indicators that this is a valid email
- The link goes to a form that is not hosted at Marist or on any approved collaboration services such as Microsoft Office Forms
- All Marist employee services are available on the My Marist HR tab
- The name signed on the email does not match the sender address.
Additional notes
- This is an extremely dangerous phishing attempt. If you click on a link and/or fill in your Marist credentials, please visit https://myaccount.marist.edu/react to reset your password. Please also contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu to let them know you entered credentials.
- Spelling and grammatical errors are good indicators of malicious emails.
- Remember: always check the link. You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
- Remember: always verify Duo pushes were initiated by you. The attacker was able to get into user accounts after users willingly accepted pushes initiated by the attacker.
- Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.