Why this looks valid

• This email comes from a valid email external address
• The email looks like it is from a lawyer in reference to a legal matter
• Sending attachments for signature is very common

Why this is phishing

• The attachment is really a HTML page that looks like Microsoft login screen
• The microsoft login screen is a not Microsoft, Marist, or any other known sit
• The email phrasing is very awkward with grammatical errors, which is common for malicious emails

Additional notes

• This is an extremely dangerous phishing attempt. If you clicked on the attachment and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu.
• Beware of unsolicited attachments: if you are not expecting an attachment, do not open it. An attachment can be a vector for a phishing form, or a virus that will infect your computer just by opening it. You should always verify the sender of an attachment, or forward the email to the Cybersecurity team for review at phishing@marist.edu.
• Did you know: this message was so widespread it made the Cornell Phish Bowl website! See their posting here: https://it.cornell.edu/phish/10120.
• Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one.