-
About
Marist's Fall Open House
Experience all that Marist has to offer at our Fall Open House.
• November 9About
-
Academics
Marist's Fall Open House
Experience all that Marist has to offer at our Fall Open House.
• November 9Academics
-
Admission & Financial Aid
Marist's Fall Open House
Experience all that Marist has to offer at our Fall Open House.
• November 9Admission & Financial Aid
-
Student Life
Marist's Fall Open House
Experience all that Marist has to offer at our Fall Open House.
• November 9Student Life
- Athletics
An image of a letter being caught by a fishing pole with the text "Gone Phishing"
Why this looks valid
- The email appears to be from My Marist
- The website looks exactly like the valid Marist College sign on page
- After entering credentials, it asks for a Duo passcode on a page that looks exactly like the Duo prompt
Why this is phishing
- The from address is not a marist.edu email
- The orange EXTERNAL EMAIL banner shows that it came from off-campus
- There is no branding or other indicators that this is a valid email
- The Marist College sign-in page is not a marist.edu website and is flagged as insecure
- The Duo page is not a duo.com website, is flagged as insecure, does not have Marist branding, and does not allow any Duo authentication options except for a passcode
Additional notes
- This is an extremely dangerous phishing attempt. If you clicked on the link and filled in your Marist credentials and a Duo passcode, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu (please note that just clicking on the website is not harmful and poses no risk to your computer or information).
- We received another, similar batch of emails from a different email address. The subject line is "1 new schedule message." The body of the message is almost identical and goes to the same phishing page
- How does this work? After putting in your Marist credentials, a new page asks for a Duo passcode. When you put in the passcode, attackers will immediately use your Marist credentials to log into your Marist account, and input the Duo passcode in order to complete mutli-factor authentication. Since you have not actually used the code, the attacker can use it to get into your account.
- Spelling and grammatical errors are good indicators of malicious emails.
- Remember: always check the link. You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
- Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.