Security Awareness – Phishing Campaign Leverages DocuSign to Fool Low-Ranking Employees

Amidst increasing awareness of phishing attacks, one phishing campaign is using the DocuSign software to target lower ranking employees and trick them into providing login credential to scammers. In this campaign, victims receive an email impersonating someone in their organization asking them to “sign” a document by clicking on the attachment and entering their credentials. These emails are created to appear legitimate, but real DocuSign emails never ask users to enter password instead asking them to enter an authentication code emailed to them separately. Although phishing attacks are often associated with C-Suite employees, recently around half of all phishing emails impersonated non-executives, according to researchers at the cybersecurity firm Avanan. As attackers continue impersonating well-known brands in their phishing campaigns, it is important for organizations to emphasize these ploys in regular phishing awareness training. Read more at BleepingComputer or access the original blog post at Avanan.