Jump to content

Phishing attack disguises itself as DocuSign document


sincity

Recommended Posts

A new wave of phishing attacks, disguised as an email from DocuSign, aimed at obtaining user credentials from all major email providers has been discovered by the Cofense Phishing Defense Center.

DocuSign is an electronic signature technology that is used by businesses and individuals to exchange contracts, tax documents and legal materials. The threat actors behind this new wave of phishing attacks are using this legitimate application to trick users into handing over their credentials.

The attack begins when a user receives an email that appears to be from DocuSign as it includes its actual logo and the content of the message is similar to real emails sent from the company. However, the first line of the message does not contain the recipient's name and simply says “Good day”.

From the email header, Cofense was able to determine that the threat source originates from the domain narndeo-tech.com. This domain belongs to Hetzner Online GmbH which is a well-known web hosting company based in Germany.

Phishing for credentials

Looking deeper into the emails, Cofense's researchers found an embedded hyperlink that redirects to a phishing page which gives six separate options for users to enter their credentials to access the DocuSign document.

The threat actors recreated login pages for Office 365, Gmail, Microsoft Outlook, Yahoo!, AOL and Apple iCloud which appear quite similar to the real thing to trick users into handing over their login details. However, cautious users could be made aware of the scheme by looking at the URLs of these pages as they are not legitimate.

To prevent falling victim to the DocuSign phishing attack and others like it, Cofense recommends that all users should be cautious when an email instructs them to provide their credentials.

http://feeds.feedburner.com/~r/techradar/digital-home/~4/-CuunvxjOr4
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...