The DocuSign Phishing Campaign Is Aimed Against Lower-level Workers

Phishing attackers are increasingly targeting non-executive workers who have access to sensitive information within companies.

According to Avanan experts, half of all phishing emails they examined in the last several months impersonated non-executives, and 77% targeted workers on the same level. Previously, phishing actors would mimic CEOs and CFOs in targeted phishing attempts to deceive company personnel.

That approach made sense, since orders and urgent requests that appear to come from a high-ranking employee are more likely to be obeyed by the recipient.

As CEOs became more attentive and security teams in major organizations placed additional measures around those critical accounts, phishing actors shifted to lower-ranking workers, who may still serve as good entry points into business networks.

A common tactic used in these efforts, according to Avanan’s research, is the use of DocuSign, a legitimate cloud-based document signing tool.

In the emails they send, the actors provide DocuSign as an alternative signing option and urge recipients to input their credentials to see and sign the document.

Even though these emails appear to be from DocuSign, they are not sent through the platform. Users are never prompted to submit passwords in actual DocuSign emails; instead, an authentication code is provided to the receiver.

Amid their regular tasks, some employees are likely to be duped by this message and misinterpret it as a legitimate DocuSign request, providing their email credentials and turning them over to the malicious actors.

When an email arrives in your inbox, it's critical to examine it for any signs of deception. Unsolicited attachments, misspellings, and requests for your credentials should all be considered major red flags.
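The red flags above can also be checked automatically at a mail gateway. The following sketch is an added example, not code from Avanan or DocuSign: it flags a message that presents itself as DocuSign but does not come from a DocuSign domain, lacks a passing DKIM signature for one, or asks for a password. The domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains genuine DocuSign mail is sent from; confirm in your own mail logs.
DOCUSIGN_DOMAINS = ("docusign.net", "docusign.com")
CREDENTIAL_PROMPT = re.compile(r"\b(password|credentials)\b", re.I)

def _is_docusign(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in DOCUSIGN_DOMAINS)

def docusign_red_flags(raw):
    """Return the red flags found in a message that presents itself as DocuSign."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    if "docusign" not in f"{name} {msg.get('Subject', '')} {body}".lower():
        return []  # does not claim to be DocuSign; out of scope for this check
    flags = []
    if not _is_docusign(addr.rpartition("@")[2]):
        flags.append("sender-domain-mismatch")
    # Only trust an Authentication-Results header stamped by your own gateway.
    dkim = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)",
                     msg.get("Authentication-Results", ""))
    if not (dkim and _is_docusign(dkim.group(1))):
        flags.append("no-docusign-dkim-pass")
    if CREDENTIAL_PROMPT.search(body):
        flags.append("asks-for-credentials")
    return flags

# Constructed sample messages (not real traffic).
PHISH = "\n".join([
    'From: "DocuSign" <billing@docs-sign.example>',
    "Subject: Please sign: Invoice",
    "Authentication-Results: mx.corp.example; dkim=pass header.d=docs-sign.example",
    "",
    "Alternative signing option: enter your email password to see and sign the document.",
])
GENUINE_STYLE = "\n".join([
    'From: "DocuSign" <dse@docusign.net>',
    "Subject: Please sign: Invoice",
    "Authentication-Results: mx.corp.example; dkim=pass header.d=docusign.net",
    "",
    "Use the authentication code in this message to open the document.",
])

if __name__ == "__main__":
    print(docusign_red_flags(PHISH))
    print(docusign_red_flags(GENUINE_STYLE))
```

The keyword check is a heuristic and will miss credential prompts that sit only on the linked landing page, so treat the sender and DKIM checks as the stronger signals.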

DocuSign-themed phishing attempts aren't new, and several threat actors have used them to steal login credentials and spread malware. In August 2019, a campaign built around a DocuSign landing page went a step further by attempting to dupe users into entering their complete credentials for various email providers.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.