HQ/EMEAFind out how we can help your business
In a new cybercriminal campaign, threat actors utilised a malicious DocuSign file to steal data from over 10,000 staff and individuals from various organisations. Dubbed a brand impersonation campaign by security researchers, threat actors targeted their victims’ MS Office 365 email accounts and evaded security detection.
The researchers’ analysis found a sample of the malicious email spread by the threat actors, with the subject “Please DocuSign: Approve Document 2023-01-11”. The email’s subject title instills a sense of urgency into the receiver to force them to take action immediately.
The hackers employed a malicious DocuSign file in their campaign since many employees are used to receiving and signing documents from the eSignature tool.
Additionally, the researchers observed that the actors have consistently applied a professional level of DocuSign impersonation in their emails to deceive their targets. The malicious email aims to trick the victims into clicking the attached link, where the victims are redirected to a spoofed website of the cybersecurity firm Proofpoint.
In the fake landing website, a PDF icon will be shown to the visitor that urges them to click and view it. Subsequently, the visitor will be asked to enter their sensitive credentials, ultimately leading to data theft.
This particular DocuSign campaign has yet to uncover any information about successfully defrauded victims besides the discovery of over 10,000 targeted individuals. Nonetheless, researchers have seen many campaigns with the same concept of impersonating highly utilised online platforms, such as DocuSign, to attempt data theft.
In fact, a recent study revealed that DocuSign is among the most leveraged tools for phishing campaigns in the last quarter of 2022, alongside other platforms like Zoom, Amazon, LinkedIn, and Microsoft.
Thus, employees and organisations are strongly advised to learn about the threats of phishing attacks. Upon receiving a suspicious message from an unknown or questionable sender, users must refrain from clicking on attached links or downloading or opening files that likely lead them to lose critical information to hackers.
