If you received the following email, this was a phishing attempt. Marist University students have continued to recieve these emails for the bad actor to obtain financial institution information from students. 

Why this looks valid

• The email claims to be from Marist University

Why this is phishing

• The email came from an external sender using a suspicious Gmail address
• There is no branding or other indicators that this is a valid email
• The link goes to a form that is not hosted at Marist or on any approved collaboration services such as Microsoft Office Forms
• The form is collecting user information and requests users to input information about themselves and their financial institutions
• There is no valid signature in this email
• The email is offering a job with small work hours and good pay and requests banking information 

Additional notes

• This is an extremely dangerous phishing attempt. If you click on a link and/or fill in your Marist credentials, please visit https://myaccount.marist.edu/react to reset your password. Please also contact the Help Desk immediately at x4357 (HELP) or helpdesk@marist.edu to let them know you entered credentials.
• Spelling and grammatical errors are good indicators of malicious emails.
• Remember:  Always check the link. You can hover over the link in the email to ensure that it goes to the service referenced in the email. On a mobile device, you can tap and hold the link to preview the page and see the website location.
• Remember:  Always verify Duo pushes were initiated by you. The attacker was able to get into user accounts after users willingly accepted pushes initiated by the attacker. Marist IT will never request your DUO codes or passwords. 
• Remember: Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
• Remember: A little paranoia goes a long way! Slow down when you receive emais requesting urgent action and be suspicious of any email messages similar to this one.