Why this looks valid

• The email appears to be from a Marist user or a colleague using a Microsoft OneDrive share
• The incoming Microsft email address is valid, indicating that someone has used OneDrive to share something with the recipient
• The links in the email are not malicious, and are valid OneDrive sharing link
• Marist College uses Microsoft as its productivity platform

Why this is phishing

• The valid, shared OneDrive document is a launch page for a phishing website
• The phishing site is a simple Microsoft Form that serves only to harvest college credentials

Additional notes

• This is an extremely dangerous phishing attempt. If you clicked on a link and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu.
• Always be suspicious of unsoliciated emails with file sharing links.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
• Did you know: within minutes of reporting these emails to phishing@marist.edu, the Cybersecurity team reports the phishing site.  Microsoft Forms that are used for malicious purposes are removed immediately upon reporting abuse.  The timely reporting from the community is key to thwarting these phishing attempts and we are grateful for all who continue to forward messages like these!