Why this looks valid

• The "from" address is a valid Google email address used for valid Google Document sharing
• The email appears to be from a Marist College supervisor, Dean, Vice President, or a colleague
• The link in the email is not malicious and leads to a valid Google Drive document

Why this is phishing

• The valid, shared Google Doc contains a link to a phishing form
• The shared Google Doc is generic and has awkward phrasing
• The Google Doc has a Windows logo on it that is from the image archive Shutterstock
• Marist College uses Microsoft OneDrive and SharePoint for all sharing functions, and shares from outside Marist that are on other services, including Google, should always be treated as malicious
• The phishing form, hosted on Google, asks for a person's username and password; information that would never be collected on any form 

Additional notes

• This is an extremely dangerous phishing attempt. If you accepted the Google Share, clicked on a link and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu.
• Always be suspicious of unsoliciated emails with file sharing links, even those from Microsoft.
• This is a very common way to send a phishing message. The originating email is a valid sharing service and the shared document is not itself malicious. This is a way to bypass malicious email detection tools and ensure the emails land in users' inboxes.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.