This phish typically originates from a non-Cornell email address. The sender may appear as "[Spoofed Name] <[user]@gmail.com>" and impersonates a Cornell University employee. The sender typically aims to coerce a Human Resources or other administrative staff member into making fraudulent direct deposit changes. Do not reply to the sender.