Scammers Fake DocuSign Templates to Blackmail and Steal
In recent months, the cyber security landscape has seen a disturbing rise in phishing attacks that exploit DocuSign, a widely-used document-signing platform. Cyber criminals are increasingly trafficking in fake DocuSign assets, including templates and login credentials, creating new opportunities for extortion and business email compromise (BEC). These malicious activities have been thriving in underground marketplaces, where phishing emails mimicking legitimate DocuSign requests are readily available for purchase.
The Rise of DocuSign Phishing Attacks
According to researchers from Abnormal Security, phishing attacks designed to imitate DocuSign requests have surged significantly over the past month. The researchers traced these activities to a Russian cybercrime forum, where a thriving market for fake DocuSign templates and documents has emerged. These fraudulent assets are being used to deceive unsuspecting victims into revealing sensitive information or facilitating unauthorized transactions.
The appeal of DocuSign for cybercriminals lies in its widespread use. As a leading document-signing software, DocuSign is often trusted by businesses and individuals alike to handle sensitive documents. This trust, however, makes it an attractive target for cybercriminals. Phishing emails that appear to be legitimate DocuSign requests can easily lure victims into clicking on malicious links, leading to compromised email accounts, data breaches, and financial loss.
The Mechanics of DocuSign Phishing Scams
DocuSign phishing emails are particularly effective because they often appear generic, making them difficult to distinguish from legitimate correspondence. These emails typically contain a prominent call-to-action button, often in bright colors like yellow, urging recipients to click without thinking twice. Once clicked, the victim is redirected to a fake login page that closely mimics the official DocuSign site, where their login credentials are harvested by attackers.
These stolen credentials are then used to launch further attacks, including BEC scams. In a BEC scenario, cybercriminals gain access to a victim's email account and use it to impersonate the victim in communications with colleagues, clients, or vendors. The goal is often to trick the recipient into transferring funds, sharing confidential information, or approving fraudulent transactions.
Protecting Against DocuSign Phishing Attacks
To mitigate the risk of falling victim to DocuSign phishing scams, it's essential to adopt a proactive approach to cybersecurity. Here are some key strategies:
Verify the Source: Always verify the sender's email address and scrutinize any requests for sensitive information or financial transactions. Legitimate DocuSign emails will come from a trusted domain, so be cautious of any inconsistencies.
Educate and Train Employees: Regularly train employees on how to recognize phishing emails and the importance of verifying requests before taking action. Awareness is the first line of defence against phishing attacks.
Implement Multi-Factor Authentication (MFA): Enable MFA on all email accounts and critical systems to add an extra layer of security. Even if login credentials are compromised, MFA can prevent unauthorized access.
Seek Professional Advice: If you’ve been affected by the recent DocuSign threats, reach out to one of our cyber security Guardians for specialised advice.
As cyber criminals continue to innovate, the threat of phishing attacks exploiting DocuSign is unlikely to diminish. By staying vigilant and implementing robust security measures, businesses and individuals can protect themselves from these increasingly sophisticated scams.
Find out more about our 24/7/365 Security Operations Centre here.
