HomeCII/OTScammers Use Fake DocuSign Templates to Blackmail and Steal From Companies

Scammers Use Fake DocuSign Templates to Blackmail and Steal From Companies

Published on

spot_img

Phishing attacks impersonating DocuSign emails are on the rise, thanks to a flourishing underground marketplace where cybercriminals sell fake templates and login credentials. In a recent report, researchers from Abnormal Security noted a significant increase in phishing attempts that mimic legitimate DocuSign requests. These fraudulent emails often lead unsuspecting victims to disclose sensitive information or login credentials.

The leading document-signing software, DocuSign, has become a prime target for phishing attacks due to its popularity and the nature of the valuable documents stored and transferred through the platform. DocuSign emails are typically generic in appearance, making them easy to replicate, with a familiar blue background and the recognizable DocuSign logo. This familiarity can prompt users to click on malicious links without hesitation, falling into the trap laid out by cybercriminals.

Mike Britton, the Chief Information Security Officer (CISO) of Abnormal Security, pointed out that individuals have become conditioned to trust DocuSign links due to their consistent appearance and prevalence in the workplace. This conditioning creates an opportunity for hackers to exploit users’ trust and deceive them into clicking on harmful links or providing personal information.

To achieve the desired look and feel of authentic DocuSign emails, attackers may either create customized templates or purchase ready-made malicious templates from online black markets. These templates can be used to craft phishing emails that entice employees of targeted organizations to divulge their sensitive information. By obtaining login credentials, hackers can gain access to valuable company data, which can be used for malicious purposes or sold to other threat actors.

Furthermore, the stolen login credentials can be used to access employees’ DocuSign accounts and gather sensitive documents for extortion attempts or further exploitation. Hackers can leverage this information for blackmail or identify new targets within the organization, posing as trusted individuals to deceive recipients into disclosing more valuable data.

To mitigate the risk of falling victim to these phishing attacks, Abnormal Security advises employees to remain vigilant for suspicious email senders, unfamiliar links, impersonal greetings, and unusual security codes in DocuSign emails. It is recommended to open documents directly from the company’s website instead of clicking on links in emails and to verify the legitimacy of unexpected emails by contacting the sender directly.

In conclusion, the proliferation of phishing attacks targeting DocuSign underscores the importance of cybersecurity awareness and practices within organizations. By staying informed and adopting proactive security measures, employees can help safeguard sensitive data and protect against potential threats posed by cybercriminals operating in the underground marketplace for fake templates and login credentials.

Source link

Latest articles

NHS Issues Warning to Staff Regarding Unauthorized Access to Patient Data

NHS Warns Staff of Serious Repercussions for Unauthorized Patient Data Access Britain's National Health Service...

ClickFix and Removable Media: Key Malware Delivery Methods

Cybersecurity Trends: The Rise of ClickFix and USB-Based Attacks In the ever-evolving landscape of cybersecurity,...

Ransomware Negotiator Sentenced to 70 Months in Prison for Supporting BlackCat Attacks

Former Ransomware Negotiator Sentenced for Betrayal and Extortion In a significant legal development, a 41-year-old...

New Ransomware Uses Malicious Driver to Bypass Security Protections

Emerging Threat: GodDamn Ransomware Leverages Microsoft-Signed Drivers for Enhanced Evasion Tactics The landscape of ransomware...

More like this

NHS Issues Warning to Staff Regarding Unauthorized Access to Patient Data

NHS Warns Staff of Serious Repercussions for Unauthorized Patient Data Access Britain's National Health Service...

ClickFix and Removable Media: Key Malware Delivery Methods

Cybersecurity Trends: The Rise of ClickFix and USB-Based Attacks In the ever-evolving landscape of cybersecurity,...

Ransomware Negotiator Sentenced to 70 Months in Prison for Supporting BlackCat Attacks

Former Ransomware Negotiator Sentenced for Betrayal and Extortion In a significant legal development, a 41-year-old...