Scammers impersonate e-signature service DocuSign to steal credentials
Malicious hackers are impersonating DocuSign, mimicking the legitimate emails the e-signature service sends, cloud-email security vendor Avanan revealed on Thursday.
Scammers impersonate many well-known brands daily, with Microsoft, DHL, and Amazon the most popular.
"Impersonation scams are always incredibly common. What stands out about this one is that the hacker took time to spoof an internal email address, making it more legit," Avanan, a cloud-email security vendor acquired by Check Point Software Technologies this August, claims.
Additionally, as more and more employees at all levels have access to sensitive data, threat actors are no longer just targeting C-Suite workers.
"Instead, non-executives are targeted 77% more often, according to our research. When a lower-level employee has access to sensitive financial information, there's no need to go up the food chain," it said in a new blog post released in honor of the second week of Cybersecurity Awareness Month and the Fight the Phish theme.
DocuSign, experts claim, is often exploited by scammers. One way is to sign up for accounts and send phishing campaigns directly through the service.
Another way that hackers use DocuSign for phishing is through impersonation attempts. Here's what it looks like:
In legitimate emails sent by DocuSign, recipients are offered an "Alternative Signing Method": the recipient is prompted to visit https://www.docusign.com and enter a security code generated by the company, giving users more than one way to access and electronically sign their documents.
The phishing email impersonates DocuSign, coming from a docusign.net address and appearing to be sent on behalf of an administrator. It asks the user to view a document for signature and offers an alternative signing method, but that option leads to a fake website that asks the victim to enter their password.
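As a defender-side illustration of the distinction the article draws between a genuine Alternative Signing Method link and a lookalike, here is an added Python example (not from the article, Avanan, or DocuSign) that flags links in DocuSign-branded mail whose host is not a DocuSign domain. The two sample messages and the lookalike `.example` host are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Domains DocuSign itself uses, per the article (docusign.com, docusign.net).
DOCUSIGN_DOMAINS = ("docusign.com", "docusign.net")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def host_is_docusign(url: str) -> bool:
    """True if the link's host is a DocuSign domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in DOCUSIGN_DOMAINS)


def looks_docusign_branded(msg) -> bool:
    """The message presents itself as DocuSign in the From header or subject."""
    headers = (str(msg.get("From", "")) + " " + str(msg.get("Subject", ""))).lower()
    return "docusign" in headers


def suspicious_links(raw_email: str) -> list[str]:
    """Links in a DocuSign-branded message whose host is not DocuSign.
    A real Alternative Signing Method points at www.docusign.com; anything
    else in such a message is a lookalike-site candidate."""
    msg = message_from_string(raw_email, policy=default)
    if not looks_docusign_branded(msg):
        return []
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    return sorted({u for u in URL_RE.findall(text) if not host_is_docusign(u)})


# Constructed samples, not from the article; the lookalike host is a placeholder.
LEGIT_SAMPLE = """\
From: DocuSign <dse@docusign.net>
Subject: Please DocuSign: Contract.pdf
Content-Type: text/plain

Alternative Signing Method: visit https://www.docusign.com and enter code 1234-ABCD
"""

PHISH_SAMPLE = """\
From: Administrator via DocuSign <dse@docusign.net>
Subject: Please review and sign: Invoice.pdf
Content-Type: text/plain

Alternative Signing Method: visit https://docusign-secure-view.example/login and enter your password
"""
```

Run against a mail gateway's quarantine feed, the non-empty result for `PHISH_SAMPLE` is the review signal; the genuine message returns nothing.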
Impersonation is a common form of phishing. Malicious actors can impersonate users, domains, and brands. Whatever form the impersonation takes, the idea is to convince the victim to give up information or data by making them feel comfortable releasing it.
We are used to scammers impersonating C-Suite executives, meaning they pretend to be your boss. However, Avanan claims that threat actors have switched tactics: 29.4% of malicious emails impersonate an executive, while 51.9% of all impersonation emails attempt to mimic a non-executive in the organization.
Avanan's research also shows that non-executives are targeted 77% more often, and there are a few reasons behind this.
"One, security admins might be spending a lot of time providing extra attention to the C-Suite, and hackers have adjusted. Two, non-executives still hold sensitive information and have access to financial data. There is no need to go all the way up the food chain," Avanan claims.
When it comes to brands, here are the most impersonated ones, according to Check Point:
1. Microsoft (related to 45% of all brand phishing attempts globally)
2. DHL (26%)
3. Amazon (11%)
4. Best Buy (4%)
5. Google (3%)
6. LinkedIn (3%)
7. Dropbox (1%)
8. Chase (1%)
9. Apple (1%)
10. PayPal (0.5%)
Be aware that this list is not exhaustive. On Tuesday, INKY researchers revealed that scammers now use math symbols in the Verizon logo to trick their victims. Despite all the money major brands spend on logo design, people are terrible at remembering them, so exercise extra caution the next time you check your email.
Did you get a similar message? Always check where a link really leads by hovering over it before clicking. Watch out for poor grammar and spelling in the email body, be wary of unfamiliar senders, and never act on a document or file unless you are sure it can be trusted.