Phishing campaign leverages legit DocuSign email notifications

Cybercriminals are now leveraging legitimate document signature service platforms to conduct phishing scams according to recent reports. In this campaign, cybercriminals are utilizing free accounts from the cloud-based DocuSign service to trick email recipients into clicking on links that introduce malware into their systems and networks. Although researchers debate the novelty of this tactic, they all agree that these attacks are becoming more prevalent. According to the cybersecurity firm Ironscales, hackers are also using “Sharepoint, Google Dogs, Google forms, and other file download services” in addition to DocuSign to deliver phishing scams. There are several steps your organization could take to minimize your risk to these attacks. First, if you receive an email with a suspicious link from a colleague, confirm with them through an alternative communication channel that they are the actual sender. Second, you can hover your mouse over links and an email sender’s name to see if the link address or the sender matches the one displayed in the original message. Finally, scanning a file via API software can help thwart an attack. For more on DocuSign scams, visit SC Magazine.