This phish typically originates from a non-Cornell email address. The sender may appear as "Cornell Breakdown Plans <[user]@icloud.com>". The link within directs to a fake login page. Do not reply to the sender nor follow the link. If you entered your credentials into the page, change your NetID password immediately at https://netid.cornell.edu.