In a nutshell: Ransomware might have become hackers’ weapon of choice in recent years, but old fashioned phishing emails remain effective. That’s what a school district in Texas learned recently after it lost around $2.3 million through a phishing scam.

The Manor Independent School District, which is located just outside of Austin, fell victim to the phishing scam in November. Manor Police Department Det. Anne Lopez told KEYE that it handed over the money in three separate transactions.

The district said the local police department and FBI are investigating, and that there are strong leads in the case. It never released any further details about the incident.

CNN reports that the school district serves more than 9,600 students, according to its Facebook page. Manor is about 15 miles from Austin, Texas.

Phishing scams usually involve emails in which criminals try to convince people to hand over details such as passwords and banking information. As these messages often look legitimate, many victims click on their links without realizing it’s a scam. The same technique was used to steal the explicit photos of celebrities in the 2014 incident known as Celebgate, aka The Fappening. The hacker in that instance sent out emails posing as an Apple or Google employee, tricking account holders into revealing their usernames and passwords.

While phishing can still bring in the money for hackers, it’s often not as effective or damaging as ransomware. In the middle of CES last week, Las Vegas almost became the latest city to fall victim to what’s suspected to have been a ransomware attack. As of October last year, there were 81 incidents of ransomware affecting local US governments.