Attempted Phishing Attacks on NISD

Phishing Attempt

November 2023

A real phishing attempt targeting NISD received on November 13, 2023.

What makes this a phish?

When you get an unsolicited file or document to review, it is best to check the sender or ensure that you are expecting an email. In this instance, the account used to send the email appears to be a valid email address; however, calling or following up with the company using separate communication to confirm the validity of the communication would help secure your account. This phish uses a fake "captcha" page to build a false sense of security. Once on the landing page, you can see that the domain "0ffice.o*********c.click" is not what we would be expecting when logging into NISD's portal, the "o" in office is also a zero which should be a red flag. The page appears legitimate because it has the username filled in, however that is just a function of the page and can be replicated by changing the text in the address bar highlighted above. Be careful what you click on, even if it has some signs of being secure and legitimate!

How to tell if something is phishy.

Double-check the sender's email address before responding or clicking any links.

Look to make sure the sender's email address is correct. You may need to hover over the sender's name or tap the display name of the sender on a mobile device. Then, check for misspelled names, domains, or substitute letters (such as a capital "I" for an lowercase "L")

Check the link.

If the sender looks correct,

On a PC: You can verify the link by hovering over it on your PC and looking in the bottom left corner of the browser window
On a mobile: You can press and hold (don't click!) to open a preview window and verify the link.

Don't click links you don't trust!

Follow up with the sender separately.

If you were not expecting a message from someone follow up with a separate email or call/text to confirm.

Still seem phishy?

Report it!

How to report phishing in NISD:

Open the message
Click the red "hook" in the top right of the message
Log in using your @nisdtx.org or @student.nisdtx.org account
Click "Report"

Attempted Phishing Attacks on NISD

Phishing Attempt

What makes this a phish?

How to tell if something is phishy.

Double-check the sender's email address before responding or clicking any links.

Look to make sure the sender's email address is correct. You may need to hover over the sender's name or tap the display name of the sender on a mobile device. Then, check for misspelled names, domains, or substitute letters (such as a capital "I" for an lowercase "L")

Check the link.

If the sender looks correct,

On a PC: You can verify the link by hovering over it on your PC and looking in the bottom left corner of the browser window

On a mobile: You can press and hold (don't click!) to open a preview window and verify the link.

Don't click links you don't trust!

Follow up with the sender separately.

If you were not expecting a message from someone follow up with a separate email or call/text to confirm.

Still seem phishy?

Report it!

How to report phishing in NISD:

Open the message

Click the red "hook" in the top right of the message

Log in using your @nisdtx.org or @student.nisdtx.org account

Click "Report"

If you are unable to log in to report the message, forward it to phishing@nisdtx.org.