This posting includes three (3) examples of malicious emails purporting to be audio messages. Marist College received approximately 50 of these messages around Labor Day weekend.  The subject lines varied but all of them had HTML files attached to the email that a user was instructed to click on in order to listen to the message. Every HTML attachment led to a phishing page that asked for Marist credentials by displaying a malicious web page that looked like one of the following:

• A Microsoft Office365 login with the Marist Red Fox logo in the background
• An exact replica of the Marist College central login page, including a perfect copy of one of our error messages which would appear after entering credentials
• The standard Microsoft O365 login page
• A Google or Microsoft form asking for a user's password
• A "voicemail login" page

Why this is phishing

• The Marist College login page would never be accessed from a file attachment, but only from a Marist branded link
• Marist voicemail is not related to Microsoft and would never include a Microsoft logo
• Valid Marist voicemail only comes from Cisco Unity Connection Messaging and never from another source
• Awkward sentence construction and typos are good indicators of malicious emails

Additional notes

• These messages are all extremely dangerous phishing attempt. If you clicked on any similar messages and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu
• Always treate file attachments as suspicious and pontentially malicious. Report them immediately to phishing@marist.edu and let the Cybersecurity Team evaluate it for you!
• Look up! Whenever clicking on a link, whether in an email or from a website, look at the URL bar at the top of your browser to make 100% sure the website you are at is the one you expected to visit
• Do you know the sender? If the sender name is familiar, try communicating with that person "offline" to see if they really sent the email (offline means a method different than email, such as SMS text message, a phone call to their business number, or a trusted platform where you normally communicate with the individual)
• Marist College voicemail always includes an attached WAV file of the message and never requires a login
• Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing
• Did you know: there are always more cyber attacks leading up to and during a holiday weekend. Why? The attackers know that before a long weekend people are distracted and often in a rush to wrap up their work. During these times, people are more likely to be less diligent about scrutinizing email messages and statistically they are more likely to fall for them!
• A little paranoia goes a long way! Be suspicious of any email messages similar to this one