Purpose

This guide helps Sioux City Community School District (SCCSD) staff and students recognize suspicious emails and safely report them to IT. The goal is to keep our district’s accounts, data, and systems protected.

1. What is phishing?

Phishing is a type of cyberattack that uses fake or misleading emails to trick you into:
• Clicking unsafe links
• Opening harmful attachments
• Sharing your credentials or personal information

 Attackers often disguise themselves as trusted senders — like coworkers, HR, or Microsoft 365 — to appear legitimate.

2. What are the red flags of a suspicious email?

The Email Red Flags infographic highlights the most common warning signs. Here’s how to recognize them:

Category

Red Flags to Watch For

From:

Unknown sender or unusual domain (@siouxcityschool.com instead of @live.siouxcityschools.com)
Unexpected sender claiming to be HR, Payroll, or IT
 Misspelled or look-alike domains (e.g., micorsoft-support.com)

To:

You’re copied with people you don’t recognize
 Random group of recipients or unusual mix of addresses

Subject:

Irrelevant or strange subject line
 “RE:” or “FWD:” messages that you never sent

Date/Time:

Sent at an unusual hour (like 3:00 AM)
 Sent outside of normal school or business hours

Attachments:

Unexpected attachments
 File types you weren’t expecting (e.g., .zip, .exe, .html)

Content:

Urgent or threatening tone (“Your account will be disabled today”)
Offers or prizes that seem too good to be true
Grammar errors, awkward phrasing, or generic greetings
 Requests to open attachments or click a link for “verification”

Hyperlinks:

Hovering shows a mismatched or misspelled URL
Long or strange-looking link addresses
 Hidden hyperlinks disguised as buttons

3. What should I do if I receive a suspicious email?

✅ Do:

• Stop and inspect before clicking or replying.
• Hover over any links to see where they really lead.
• Report it immediately to the SCCSD Help Desk:
- Help Desk Home: https://sccsd.freshdesk.com/support/home
    - Submit a Ticket: https://sccsd.freshdesk.com/support/tickets

? Don’t:

• Don’t click on links or attachments.
• Don’t reply to the sender.
• Don’t forward the email to others.
 • Don’t delete it before reporting.

4. How do I verify if an email is real?

1. Check the sender’s address — all official SCCSD messages come from @live.siouxcityschools.com.
2. Hover before you click — links should go to known, trusted domains (e.g., microsoft.com, office.com).
3. Use Teams or call the person if the message seems out of character.
 4. Look for the “External” tag in Outlook — it means the message came from outside the district.

5. What happens after I report a phishing email?

When you submit a ticket, the Technology Department will:
1. Analyze the message for malicious content.
2. Block the sender or domain if confirmed malicious.
3. Remove the same message from other inboxes if needed.
 4. Notify you if any additional action (like a password reset) is required.

6. What if I clicked a link or entered my password?

1. Change your district password immediately (Ctrl + Alt + Del → Change Password).
2. Go to the Help Desk portal and open a ticket right away:
https://sccsd.freshdesk.com/support/tickets
 3. Watch for MFA prompts or login alerts you didn’t initiate.

7. Common phishing examples in K–12

Type

Example Description

Fake Microsoft Login

“Your mailbox storage is full—click here to verify.”

Payroll Scam

“Update your direct deposit before payroll processing.”

Gift Card Scam

“Please purchase gift cards for staff appreciation.”

Package Delivery Scam

“Your parcel couldn’t be delivered—click to reschedule.”

Shared Document Scam

“A colleague has shared a file with you via OneDrive.”


8. Resources

? Download: Email Red Flags PDF (KnowBe4)
? Report Suspicious Emails: https://sccsd.freshdesk.com/support/tickets
? Visit: https://sccsd.freshdesk.com/support/home


Remember: Think Before You Click!