Why this looks valid

• The email includes a Marist logo
• The email says it is from Marist payroll
• The website looks exactly like the valid Marist College sign on page
• After entering credentials, it asks for a Duo passcode on a page that looks exactly like the Duo prompt

Why this is phishing

• The from address is not a marist.edu email
• The orange EXTERNAL EMAIL banner shows that it came from off-campus
• The Marist College sign-in page is not a marist.edu website
• The Duo page is not a duo.com website and does not allow any Duo authentication options except for a passcode 

Additional notes

• This is an extremely dangerous phishing attempt. If you clicked on the link and filled in your Marist credentials and a Duo passcode, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu (please note that just clicking on the website is not harmful and poses no risk to your computer or information).
• How does this work? After putting in your Marist credentials, a new page asks for a Duo passcode. If you put in the passcode, attackers will use your Marist credentials to log into your Marist account, and input the Duo passcode in order to complete mutli-factor authentication. Since you have not actually used the code, the attacker can use it to get into your account.
• Spelling and grammatical errors are good indicators of malicious emails.
• Remember:  always check the link.  You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
• Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.