Recognizing a RIC-branded Sign-In Page

We have branded the Microsoft 365 Sign-In page to help you determine whether you are entering your user name and password in the legitimate Sign-in page. Phishing attacks have become more advanced and are using fake sites with Sign-in pages that are hard to distinguish from the real one.

The first screenshot is of our RIC-branded page, and we describe what characteristics to look for. However, there are situations where the default Office 365 Sign-In page will be presented. We will also describe what to do in these circumstances.

The characteristics of the Sign-In Page

When you browse from your Windows or MacOS computer to the branded M365 Sign-In page you will directed to a page that looks like the above screenshot.

The branded features are (screenshot) to the first:

1. The background - A photo from a campus location (here Adams Library from the Quad at sunset)
2. The Banner in the Sign-In window - Consisting of the RIC Logo (in red) and the Office 365 logo (in black)
3. The Username Hint - Here "enter your RIC account name"
4. The Sign-in page text - Here "Please sign in with your Rhode Island College..."

NOTE: There is no password field on this page, only the user name field (this is an important identifier, see below for explanation)

When you open the same page on a mobile device (like a smart phone) you may not see the background photo, but all the other characteristics are the same.

After you enter your RIC account name and click Next, you will prompted to enter your password. The branded features remain the same, except the it now states:

1. Enter Password
2. Hint is Password

When you now click on Sign in and your M365 account is protected with Multi-Factor Authentication (MFA), you will be prompted to complete the MFA step.

When the M365 Sign-in page is not branded

Not in all circumstances will you see the branded Sign-in page. You may see the default M365 Sign-in page (see screenshot to the right). You have two options to determine whether this is the legitimate Sign-in page.

Be sure it only prompts you for your account name (the Username hint is "Email, phone, or Skype").
NOTE: when the hint is different or you are also prompted for a password you are NOT on a legitimate M365 Sign-in page. In that case close the browser and report this to the ITS Help Center.

OPTION 1 - enter your M365 account name

1. Enter your RIC M365 account name and click on Next
   NOTE: as long as you have not entered your password there is no risk of your account becoming compromised
2. Now you must be redirected to the RIC branded Sign-in page and be prompted for the Password.
   NOTE: if you are not redirected to the RIC branded Sign-in page, do NOT enter your password but close the browser (or other application) and contact the ITS Help Center.
3. If you are redirected to the RIC branded page, you can enter your Password and click Sign in.
4. If your M365 account is protected with Multi-Factor Authentication (MFA), you will be prompted to complete the MFA step.
    

OPTION 2 - Look up the RIC organization in M365

1. Instead of entering your Username, click on Sign-in options
2. Of the options provided, select Sign in to an organization
3. You are now prompted with the dialog Find your organization
4. On the input field (Hint: Domain name) enter ric.edu and click Next
5. Now you will be redirected to the RIC branded M365 Sign-in page
6. If you are NOT redirected to the RIC branded Sign-in page, close the browser (or other application) and contact the ITS Help Center