Phishing campaign takes advantage of DocuSign to trick lower-tier employees

November 3, 2021

Phishing campaigns run by a number of threat actors have shifted to a new pattern: targeting non-executive employees who hold access to sensitive parts of an organization, with DocuSign serving as a recurring lure.

According to the researchers who reported the trend, fifty percent of the phishing emails they examined in recent weeks impersonated non-executive employees, and up to 77% of those targeted colleagues at the same level, people with the same kind of day-to-day workload.

Not long ago, phishing actors used a similar strategy in reverse: instead of impersonating rank-and-file staff, they impersonated executives such as CEOs and CFOs. That approach is effective because instructions and urgent requests that appear to come from a senior official raise the probability that the recipient complies without question.

However, as companies became more aware of executive impersonation, they tightened the protections around those positions. That increased scrutiny pushed phishing actors to impersonate lower-level employees instead, so that they could continue their operations and reach the target company's data.

How are passwords phished using DocuSign?

As detailed in the researchers' report, a familiar trick in these campaigns is the use of DocuSign, a legitimate cloud-based electronic signature platform, as the theme of the email.

The emails present DocuSign as the method by which a document is to be signed, and ask the recipient to enter their credentials in order to view and sign it.

The messages are crafted to look like legitimate DocuSign notifications, but they are not sent from the platform itself. A genuine DocuSign notification never asks the recipient to enter credentials; where extra verification is required, an access code is sent to the recipient instead.

In the middle of a busy workday, many employees are likely to take such a message for a genuine DocuSign request, enter their email credentials, and hand them straight to the phishing actors.

How can this kind of phishing attack be avoided?

When an email arrives, take the time to examine its content for signs of deception. Spelling errors, unexpected attachments, a sender address that does not belong to the platform the message claims to come from, and any request to enter your credentials should all be treated as indicators of an attack.
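The two checks above, that a real DocuSign notification never asks for credentials and that the message should actually come from the platform it claims to represent, can be turned into a simple triage rule. The following is an added example written for this page, not code from the article or from DocuSign; the allowlist of DocuSign domains, the credential-request phrases, and the two sample messages are all assumptions constructed for the demonstration.

```python
"""Triage heuristics for DocuSign-themed emails.

Added example (not from the article): flags messages that carry DocuSign
branding but come from an unrelated sender domain, link to hosts outside
DocuSign's domains, or ask the reader to type in credentials. Uses only
the Python standard library.
"""
import re
from email import policy
from email.parser import Parser
from urllib.parse import urlparse

# Assumption: domains a genuine DocuSign notification would use. Adjust to
# what your tenant actually receives.
DOCUSIGN_DOMAINS = {"docusign.net", "docusign.com"}

# Phrases a real DocuSign notification does not use: it never asks for an
# email password in order to open a document.
CREDENTIAL_PHRASES = (
    "enter your email password",
    "sign in with your email credentials",
    "login with your email",
    "verify your password",
    "enter your password",
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _registered_domain(host: str) -> str:
    """Collapse 'na2.docusign.net' to 'docusign.net' (simple two-label rule)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _addr_domain(header_value) -> str:
    """Extract the registered domain from a From/Reply-To header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)", str(header_value or ""))
    return _registered_domain(m.group(1)) if m else ""


def triage(raw_message: str) -> dict:
    """Return the indicators found in one RFC 822 message."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lowered = text.lower()
    subject = str(msg["Subject"] or "")

    claims_docusign = "docusign" in (subject + text).lower()
    from_domain = _addr_domain(msg["From"])
    reply_domain = _addr_domain(msg["Reply-To"])

    link_domains = {
        _registered_domain(urlparse(u).hostname or "") for u in URL_RE.findall(text)
    }
    foreign_links = sorted(d for d in link_domains if d and d not in DOCUSIGN_DOMAINS)

    indicators = []
    if claims_docusign and from_domain not in DOCUSIGN_DOMAINS:
        indicators.append(f"DocuSign branding but sender domain is {from_domain or 'missing'}")
    if reply_domain and reply_domain != from_domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from sender {from_domain}")
    if claims_docusign and foreign_links:
        indicators.append("document link points outside DocuSign: " + ", ".join(foreign_links))
    if any(p in lowered for p in CREDENTIAL_PHRASES):
        indicators.append("asks for email credentials to view a document")

    return {
        "from_domain": from_domain,
        "link_domains": sorted(link_domains),
        "indicators": indicators,
        "suspicious": bool(indicators),
    }


# Constructed sample messages for the demonstration (not real captures).
LEGIT_SAMPLE = """\
From: John Smith via DocuSign <dse@docusign.net>
To: finance@example.com
Subject: Please DocuSign: Q3 vendor agreement
Content-Type: text/plain; charset=utf-8

John Smith sent you a document to review and sign.
https://na2.docusign.net/Signing/?env=constructed-id
"""

PHISH_SAMPLE = """\
From: DocuSign Electronic Service <noreply@docusign-secure-mail.com>
Reply-To: docs@mail-drop.example
To: finance@example.com
Subject: DocuSign: Invoice awaiting your signature
Content-Type: text/plain; charset=utf-8

A document has been shared with you via DocuSign.
To view and sign, enter your email password at:
https://docs-view.example/docusign/login
"""

if __name__ == "__main__":
    for label, sample in (("legit", LEGIT_SAMPLE), ("phish", PHISH_SAMPLE)):
        print(label, triage(sample))
```

Run against the constructed samples, the legitimate notification produces no indicators, while the phishing sample trips all four: a lookalike sender domain, a mismatched Reply-To, a document link hosted outside DocuSign, and a request for the email password. The rule is deliberately conservative: it only raises the sender and link checks when the message actually claims to be DocuSign, so ordinary mail that merely mentions the product is left alone.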

DocuSign's use as a phishing lure is not new; several threat actors have relied on it to harvest login credentials and to spread malware. Take a moment to verify any email before acting on it.
