Phishing attack uses DocuSign

Here is a brilliant new social engineering phishing scam that you may have already seen. It will sail through all your spam and malware filters and email protection devices, because it is sent through the entirely legit DocuSign infrastructure. It is a prime example of an information-grabbing phishing attack that does not use a malicious payload.

Easy money?

Phishing attack

Clicking the yellow “Review Document” button takes you to a DocuSign page (again, entirely legit), which requires you to fill out the form as per the normal process. I broke it up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.

Scam-1-Phishing Attack

Looking for financial information

Continuing to fill out the form allows the bad guy to completely steal the identity of the victim, and the company's identity, especially if they are gullible enough to add the “past three most recent bank statements” (circled).

Scam-2-Phishing Attack

If someone in accounting fell for this attack, the damage could be extensive, to the point of bankruptcy for a small business that gets hit hard by the potential repercussions.

Identify those high-risk employees and step them through new-school security awareness training!

Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/brilliant-new-social-engineering-phish-please-docusign-funding-for-your-business. Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.