Don't take the phishing bait

posted Jan 15, 2017, 5:57 AM by Granger Meador   [ updated Sep 5, 2018, 2:21 PM ]

Anti-phishing image


define phishing


NEVER give out your district network login username and password when responding to an email link

We are subject to "phishing" attacks, where spammers and other crooks send an email trying to trick you into giving them your login credentials. They are increasingly clever about inserting legitimate first and last names of fellow employees, their work sites, and titles. They can also attempt to "spoof" false email address entries in the From: field of a message. It is vital that both students and staff protect themselves from these attacks.

District staff should NEVER respond to an email with a link requesting them to "authenticate" by giving out their login username and password.

The district will NEVER send you an email message asking you to enter your login credentials to manage your mail account, re-authenticate your account, etc. If you receive such an email message, do not click any links or images in the email message and instead simply delete it.

What to do if you think your account has been hacked

  • Log in to a district networked desktop computer and hit CTRL-ALT-DEL. Select the option to change your password. You'll be prompted to enter your old password once and your new password twice. The change will ripple across some services, including Gmail and other Google apps, Office 365, and Canvas. 
The PowerTeacher, E-portal, and Frontline passwords are NOT synchronized with the others. Click here for help with various logins.
The district's Technology Services department will suspend any accounts they KNOW have been hacked and will work with staff members on getting their accounts cleared and operational again.

Look for the correct domain name after https:// at the very beginning of the address bar when logging into any service

There are also some very clever attacks that try to fool you into thinking you are logging into Google or other services when you are not. You MUST pay attention to what is in the address bar when you log in to any service.

Just looking for the correct domain name (e.g. accounts.google.com when logging into Google) is no longer enough. Clever phishing attacks have found ways to make it look like a site is safe when it is not. 

When you think you are logging into an online service, always make sure the very beginning of the web browser address bar BEGINS with "https://" followed by the correct domain name.

Below are some examples of safe and unsafe address bar entries when logging into Google services.

SAFE
Good Google address bar

SAFE
Safe Google login

NOT SAFE - PHISHING ATTACK
UNSAFE Google login

Notice how in the final UNSAFE phishing attack you DO see "accounts.google.com" yet you are still being attacked. The lack of https://accounts.google.com at the very beginning of the web address and, in the Google Chrome web browser, the missing green lock icon and "Secure", are the giveaways that this is NOT safe.

We encourage all users of district accounts to use the Google Chrome web browser and look for the green secure lock icon and the correct domain name at the VERY BEGINNING of the address bar in Google Chrome when you are trying to login to any online service.

Valid login addresses for district services

 SERVICE WEB ADDRESS BEGINS WITH...
Webmail
(Email)
https://webmail.bps-ok.org/...
PowerSchool and PowerTeacher
(Gradebook, etc.)
https://sis.bps-ok.org/...
 Absence Management
(formerly AESOP)

(Substitute Requests)
 https://www.aesoponline.com/...
E-Portal 
(Pay Stubs,
Leave Balances, Staff Dev. Points, etc.)
https://ok.wengage.com/...

Google Apps for Education
(Documents, calendars, websites, etc.)
https://accounts.google.com/...
 Office 365
(Microsoft Office in the cloud)
https://login.microsoftonline.com/...
 Canvas
(Classroom online tools for grades 6-12)
https://bartlesville.instructure.com/...
 Clever
(Single-sign-on service)
https://clever.com/in/bartlesville

The staff logins webpage on this website has more details.

Don't use your district username and password on non-district services
For your convenience, we link most district-provided services using the same credentials, but please do NOT use that username and password elsewhere. That increases the risk of your account being compromised.