Embedded Files
Phishing Attempt
Phishing Attempt
November 2023
A real phishing attempt targeting NISD received on November 13, 2023.
What makes this a phish?
What makes this a phish?
When you get an unsolicited file or document to review, it is best to check the sender or ensure that you are expecting an email. In this instance, the account used to send the email appears to be a valid email address; however, calling or following up with the company using separate communication to confirm the validity of the communication would help secure your account. This phish uses a fake "captcha" page to build a false sense of security. Once on the landing page, you can see that the domain "0ffice.o*********c.click" is not what we would be expecting when logging into NISD's portal, the "o" in office is also a zero which should be a red flag. The page appears legitimate because it has the username filled in, however that is just a function of the page and can be replicated by changing the text in the address bar highlighted above. Be careful what you click on, even if it has some signs of being secure and legitimate!
How to tell if something is phishy.
How to tell if something is phishy.
Double-check the sender's email address before responding or clicking any links.
Double-check the sender's email address before responding or clicking any links.
Look to make sure the sender's email address is correct. You may need to hover over the sender's name or tap the display name of the sender on a mobile device. Then, check for misspelled names, domains, or substitute letters (such as a capital "I" for an lowercase "L")
Look to make sure the sender's email address is correct. You may need to hover over the sender's name or tap the display name of the sender on a mobile device. Then, check for misspelled names, domains, or substitute letters (such as a capital "I" for an lowercase "L")
Check the link.
Check the link.
If the sender looks correct,
If the sender looks correct,
- On a PC: You can verify the link by hovering over it on your PC and looking in the bottom left corner of the browser window
- On a mobile: You can press and hold (don't click!) to open a preview window and verify the link.
Don't click links you don't trust!
Don't click links you don't trust!
Follow up with the sender separately.
Follow up with the sender separately.
If you were not expecting a message from someone follow up with a separate email or call/text to confirm.
If you were not expecting a message from someone follow up with a separate email or call/text to confirm.
Still seem phishy?
Still seem phishy?
Report it!
Report it!
How to report phishing in NISD:
How to report phishing in NISD:
- Open the message
- Click the red "hook" in the top right of the message
- Log in using your @nisdtx.org or @student.nisdtx.org account
- Click "Report"
If you are unable to log in to report the message, forward it to phishing@nisdtx.org.
If you are unable to log in to report the message, forward it to phishing@nisdtx.org.
Page updated
Report abuse