An image of a letter being caught by a fishing pole with the text "Gone Phishing"


PHISHING: 3 Important message

Why this looks valid

  • The email appears to be from My Marist
  • The website looks exactly like the valid Marist College sign on page
  • After entering credentials, it asks for a Duo passcode on a page that looks exactly like the Duo prompt

Why this is phishing

  • The from address is not a marist.edu email
  • The orange EXTERNAL EMAIL banner shows that it came from off-campus
  • There is no branding or other indicators that this is a valid email
  • The Marist College sign-in page is not a marist.edu website and is flagged as insecure
  • The Duo page is not a duo.com website, is flagged as insecure, does not have Marist branding, and does not allow any Duo authentication options except for a passcode 

Additional notes

  • This is an extremely dangerous phishing attempt. If you clicked on the link and filled in your Marist credentials and a Duo passcode, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu (please note that just clicking on the website is not harmful and poses no risk to your computer or information).
  • We received another, similar batch of emails from a different email address. The subject line is "1 new schedule message." The body of the message is almost identical and goes to the same phishing page.
  • How does this work? After putting in your Marist credentials, a new page asks for a Duo passcode. When you put in the passcode, attackers will immediately use your Marist credentials to log into your Marist account, and input the Duo passcode in order to complete multi-factor authentication. Since you have not actually used the code, the attacker can use it to get into your account.
  • Spelling and grammatical errors are good indicators of malicious emails.
  • Remember: always check the link. You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
  • Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
  • A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
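
The "always check the link" step above, written out as an added example (not part of the original advisory): it tests a link target against the indicators listed under "Why this is phishing". It assumes marist.edu and duo.com are the only trusted domains, as the advisory names them; the function name and the sample URLs (on reserved example domains) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domains treated as legitimate are the two the advisory names.
TRUSTED_DOMAINS = ("marist.edu", "duo.com")


def check_link(url):
    """Return the phishing indicators found in a link target (empty list = none)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["URL cannot be parsed"]
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS, so the browser flags the page as insecure")
    if parts.username is not None:
        findings.append("text before '@' is not the site; the real host follows it")
    # Match the domain itself or a true subdomain. A substring or startswith
    # test would wrongly accept a host such as marist.edu.signin.example.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        findings.append(f"host {host!r} is not under marist.edu or duo.com")
    return findings


# Constructed sample links; none are taken from the reported emails.
SAMPLES = [
    "https://my.marist.edu/login",
    "http://marist.edu.signin.example/duo",
    "https://login.marist.edu@phish.example/",
    "https://notmarist.edu/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_link(link)
        print(link, "->", "no indicators" if not result else "; ".join(result))
```

An empty result only means none of these indicators fired; it does not prove the link is safe.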