Phishing attacks impersonating DocuSign emails are on the rise, thanks to a flourishing underground marketplace where cybercriminals sell fake templates and login credentials. In a recent report, researchers from Abnormal Security noted a significant increase in phishing attempts that mimic legitimate DocuSign requests. These fraudulent emails often lead unsuspecting victims to disclose sensitive information or login credentials.
The leading document-signing software, DocuSign, has become a prime target for phishing attacks due to its popularity and the nature of the valuable documents stored and transferred through the platform. DocuSign emails are typically generic in appearance, making them easy to replicate, with a familiar blue background and the recognizable DocuSign logo. This familiarity can prompt users to click on malicious links without hesitation, falling into the trap laid out by cybercriminals.
Mike Britton, the Chief Information Security Officer (CISO) of Abnormal Security, pointed out that individuals have become conditioned to trust DocuSign links due to their consistent appearance and prevalence in the workplace. This conditioning creates an opportunity for hackers to exploit users’ trust and deceive them into clicking on harmful links or providing personal information.
To achieve the desired look and feel of authentic DocuSign emails, attackers may either create customized templates or purchase ready-made malicious templates from online black markets. These templates can be used to craft phishing emails that entice employees of targeted organizations to divulge their sensitive information. By obtaining login credentials, hackers can gain access to valuable company data, which can be used for malicious purposes or sold to other threat actors.
Furthermore, the stolen login credentials can be used to access employees’ DocuSign accounts and gather sensitive documents for extortion attempts or further exploitation. Hackers can leverage this information for blackmail or identify new targets within the organization, posing as trusted individuals to deceive recipients into disclosing more valuable data.
To mitigate the risk of falling victim to these phishing attacks, Abnormal Security advises employees to remain vigilant for suspicious email senders, unfamiliar links, impersonal greetings, and unusual security codes in DocuSign emails. It is recommended to open documents directly from the company’s website instead of clicking on links in emails and to verify the legitimacy of unexpected emails by contacting the sender directly.
In conclusion, the proliferation of phishing attacks targeting DocuSign underscores the importance of cybersecurity awareness and practices within organizations. By staying informed and adopting proactive security measures, employees can help safeguard sensitive data and protect against potential threats posed by cybercriminals operating in the underground marketplace for fake templates and login credentials.