Applies to: Everyone
Read time: 3–4 minutes
Purpose: Quickly identify scams and know what to do if you encounter one
1. Always Assume Suspicious
Every email—no matter who appears to send it—should be treated as potentially dangerous until you've confirmed otherwise.
2. Recognize Common Phishing Themes
We've seen real incidents at our schools and beyond, including:
-
Impersonation of school leaders or staff: Fake emails from principals, board members, even pastors requesting urgent help or money.
-
Tech support and password scams: Messages claiming your password expired or urging you to click to renew—Microsoft never does this via email.
-
Financial scams: Pretending to be the IRS, requesting tax resolution over email.
-
Spoofed text messages: A Connecticut district got texts spoofed as coming from their superintendent asking for immediate response. These were fake.
3. Beware of Today’s Smartest Scams
AI-Generated Impersonations
Scammers now use AI to craft email content and tone so lifelike that grammatical errors are nearly gone. These messages can mimic known individuals with frightening precision.
QR Code & Google Classroom Attacks
-
Quishing (QR phishing): Offers like payments or login pages disguised as QR codes can route you to fake websites.
-
Google Classroom hijacks: Phishing lures disguised as Classroom invites can bypass filters because they use legitimate infrastructure. Over 115,000 emails were distributed in a recent wave.
Tycoon Phishing Kit
This tool now uses URL tricks like invisible spaces, fake CAPTCHAs, '@' manipulation, and subdomain splitting—making scam links harder to detect.
Targeted School Portals, Financial Aid Scams
Cloned login pages and fake tuition/payment request emails spike at term starts, catching busy staff off guard.
Malicious QR Codes in K–12
Schools now receive over 15,000 phishing/spam emails daily containing malicious QR codes. A campaign recently reported over 4,300 threats across 40+ compromised domains.
4. Watchlist of Red Flags
| Indicator | What to Watch For |
|---|---|
| Sender name mismatches | “John Smith” vs. random domain |
| Urgent or alarming tone | “Act now or you’re locked out” |
| Suspicious links or QR | Hover to preview—don’t scan/click |
| Odd formatting | Bad grammar or inconsistent style |
| Unexpected attachments | Especially ZIPs, EXEs, or macros |
| Reply-to mismatch | Sender name differs from return address |
| School portal clones | Login pages that look legit, but aren’t |
| AI tone or sophistication | Seamless, overly polished text |
5. Safety Steps—Your Go-To Process
-
Pause. Do not click or respond immediately.
-
Hover over links; scan QR codes only when verified.
-
Verify identity out-of-band: text or call the person using a trusted contact method.
-
Report suspicious emails:
-
Outlook web: Select Report > Phishing.
-
Outlook desktop: Use Report Message > Phishing, or forward as attachment to support@millertechpro.com.
-
-
If you clicked a link or entered credentials:
-
Change your Microsoft 365 password.
-
Deny unexpected Authenticator requests.
-
Contact Miller Tech Pro immediately so we can secure your account.
-
6. Don’t Forget: “Never” Rules
-
Microsoft never emails a password reset link.
-
IRS does not resolve issues over email.
-
IT staff never ask for your password or MFA codes.
7. Examples
-
Likely Phishing:
“Please buy 5 gift cards ASAP and send me the codes.”
“Your password expired. Click here to renew.” -
Likely Legitimate:
Expected content, from a verified address, formatted normally, and no urgent pressure.
8. In an Emergency
Contact Miller Tech Pro Support right away:
-
Phone: 407-868-0846
-
Email: support@millertechpro.com
-
Weekdays: 8 AM–4 PM / Weekends: Emergency Response
Why This Matters
Scammers are combining AI, trusted platforms, and socially engineered content to make threats more convincing than ever. At many of our schools, we've already seen how easy it is to fall for one—so let's stay alert and protect our community.