Cybercriminals are currently running phishing campaigns with emails that impersonate Docusign, the world’s most popular e-signature service.
The victim is notified that they need to electronically sign a document, usually a financial one, the exact purpose of which isn’t entirely clear from the text. This tricks users into opening a phishing website, often on mobile devices, where phishing URLs are harder to detect.
The phishing email may or may not mention Docusign, but the aim is the same: usernames and passwords harvested through successful phishing attacks are often compiled into databases sold on the dark web.
The actual process of signing a document with Docusign for the regular user is simplicity itself.
According to Kaspersky, attackers rely on the victim not understanding how e-signing with Docusign actually works. The inattentive victim follows the link (or QR code) to the phishing page and enters their work login credentials.
How to guard against phishing:
Filtering out suspicious and unwanted email at the gateway level — our comprehensive solution Kaspersky Security for Mail Servers will do this for you.
Protecting endpoints from phishing redirects with Kaspersky Small Office Security or Kaspersky Next — depending on the size of your organization.
Raising employee awareness of cyberthreats with specialized training. Such training is easy to deliver using our educational Kaspersky Automated Security Awareness Platform.
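As an illustration of the kind of check a gateway filter can apply to the Docusign-themed emails described above, here is an added example (not from the original article and not Kaspersky's code). It flags a message that presents itself as Docusign but links to hosts outside an allowlist; the allowlist contents, the function names and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Docusign; maintain your own allowlist.
TRUSTED = ("docusign.com", "docusign.net")

class _Links(HTMLParser):
    """Collects href values of <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Exact or dot-suffix match only: a substring test would accept
    # lookalikes such as "docusign.com.example.net".
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(raw_message):
    """Return untrusted link hosts if the mail presents itself as Docusign."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    seen = f"{msg['From']} {msg['Subject']} {text}".lower()
    if "docusign" not in seen:
        return []  # no brand claim, nothing to compare against
    parser = _Links()
    parser.feed(text)
    hosts = (urlsplit(h).hostname for h in parser.hrefs)
    return sorted({h for h in hosts if h and not is_trusted(h)})

# Constructed sample message (reserved example domains, not a real campaign).
SAMPLE = """\
From: "Docusign" <notify@mail.example.org>
To: user@example.com
Subject: Please sign: Q3 financial statement
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your document is ready for signature.</p>
<a href="https://docusign.com.example.net/sign">REVIEW DOCUMENT</a>
<a href="https://www.docusign.com/trust">About Docusign</a>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The check covers HTML anchor links only; QR codes embedded as images, which the campaigns above also use, need image decoding before the same host comparison can be applied.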