phishingToday I witnessed first hand a new threat that has successfully infiltrated a friend of mine: a DocuSign phishing email.

Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you in one of two ways:

  1. With an attachment to an encrypted (to bypass antivirus software) Word document and an accompanying password to “unlock” it. This will potentially launch any sort of nasty surprises upon its victims, including Ransomware, which I wrote about last week;
  2. With a link to a phishing site that asks for email credentials to gain access to the DocuSign document. This provides the hacker complete access to your email account, including potential access to your OneDrive or Google Drive documents and also a base from which to launch a further attack to all of your contacts.

Either of the above two scenarios is not pretty and malware may be installed on your workstation. So if you get emails that look like they come from DocuSign (or any other web service, for that matter) and have an attachment or a link requesting login credentials, be very careful. If there is any doubt, pick up the phone and verify before you act on any suspicious email. When I replied to the email I received today, it was actively responded to by the hacker, who “assured” me that it was legitimate. This is a classic example of why you must use a separate medium to confirm the authenticity of any suspected email you receive!

How can you protect yourself from this type of threat? There are two things you can do:

  1. Pay attention to any email you receive and always be suspicious, particularly when an email is unexpected.  If you or any of your staff needs security awareness training, contact us!
  2. Implement two-factor authentication (this is a very old link – I’ll update it shortly) on your email system to prevent third parties from stealing your credentials. Again, contact us if you need assistance with implementing this for yourself and your users.

Remember: Think Before You Click.

Stay safe out there!

Dan

 

One Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.