Why this looks valid

• DocuSign is a tool for signing documents which is frequently used by outside companies for Marist College signatures 
• The email contains details to make it look like a valid DocuSign request, most notably the code for accessing the document directly from the DocuSign website
• The email may seem to be from a Marist account or have personalized details in the body of the message
• The link goes to a site that claims to be OneDrive, a Microsoft sharing platform that is used by the community

Why this is phishing

• The link in the email appears to go to OneDrive, whereas a true DocuSign notification would go to the DocuSign website
• The website puporting to be OneDrive is lacking normal Microsoft branding
• "Password" is spelled incorrectly on the malicious webpage (a common tactic to avoid automated detection tools)

Additional notes

• This is an extremely dangerous phishing attempt. If you clicked on this link and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu
• DocuSign is a very common service. In fact, it is so common that Cyber Criminals love to craft phishing messages based on the service. Never click any links in a message purported to be from DocuSign unless you are working directly with a vendor or company who tells you in advance you will be receiving it. You should also always ask what email address the notification will come from, to ensure you know the notification is valid.
• Remember:  always check the link.  You can hover over the link in the email to ensure that it going to a valid service.
• Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.