Fraudulent DocuSign email seeks to steal credentials

Last updated: 10 March 2025
phishing scammers
Image by Cybernews

Nearly unstoppable phishing sites are tricking victims into giving access to their corporate networks.

Phishing remains a persistent threat. It comes in a variety of shapes and forms, begging you to click on malicious links to steal sensitive data. Yet, many users continue to navigate the internet with a false sense of security, unaware of the risks.

Malwarebytes researchers have identified a new ongoing campaign harvesting corporate credentials. Cybercriminals were noticed using the Interplanetary File System (IPFS), a popular decentralized tool for storing, sharing, and accessing files, to host their phishing sites.

ADVERTISEMENT

This setup makes it more difficult to take down fraudulent sites since they’re not stored in a centralized location, and most users don’t have the software needed to access IPFS.

“IPFS is working hard to get the phishing pages removed, but, no surprise for a platform that’s designed to be robust and decentralized, it seems they can’t keep up. New IPFS phishing sites are popping up on a daily basis,” researchers say.

phishing email
A phishing email disguised as a DocuSign message. Source: Malwarebytes

Researchers warn that in this phishing campaign, victims get a fake email with an attached invoice file. The email impersonates DocuSign, a cloud-based electronic signature tool.

In another discovered instance, the crooks send out an email impersonating a mail administrator, which prompts users to click on the same phishing link. The phishing email is disguised as a DocuSign message, a cloud-based e-signature tool.

Clicking the download link opens a phishing site hosted on IPFS. The target is asked to confirm their email address to access the document.

Analysis of the source code reveals that when the target enters their email address and clicks “Access Document,” the phishing sites run a script to fetch the victim's company logo, to load a branded corporate login page.

If the victim falls for this deception and enters a password, it goes straight to the hands of threat actors via the Telegram messaging app.

ADVERTISEMENT

Phishing is a serious threat to companies worldwide, as a simple human mistake can have serious consequences to overall cybersecurity. According to the Cybernews Business Digital Index, 86% of investigated companies struggle with phishing along with other cybersecurity threats.

authentication form
A phishing site hosted on IPFS and the branded phishing site login page. Source: Malwarebytes
Ernestas Naprys Gintaras Radauskas vilius Paulina Okunyte
Don’t miss our latest stories on Google News
Google News Follow us

How to stay safe from phishing attacks?

It’s always better to be safe than sorry. Cybernews security experts offer the following advice on how to protect yourself and your organization from phishing scams:

  • Do not engage. First and foremost, do not interact with the content. Do not click on any links, do not download attachments, and do not reply to the message.
  • Report the phishing attempt to your email provider. Most email services have a Report Phishing option. Many companies also have dedicated channels for reporting phishing attempts that impersonate them.
  • Notify your supervisor. Depending on the organization's policies, if you have received a phishing attempt on one of your workplace channels, you should inform your supervisor or a relevant department (such as IT) so they are aware of potential threats and can assist you in following proper protocols.
  • For phishing attempts using QR codes, report them to the impersonated company and avoid scanning unverified codes. Notify your IT department if it’s encountered in the workplace.
  • Report smishing attempts to your mobile carrier. Some countries also have dedicated hotlines or online services for reporting SMS-based scams.
  • For phone call scams, you can report the number to your phone service provider and, if applicable, to local authorities or consumer protection organizations.
  • If you suspect your information may have been compromised, change your passwords immediately. This is especially critical for accounts with the same password and username/email combination.
  • Check your financial statements and accounts for unauthorized activity.
  • If the phishing attempt involved any financial accounts or there’s a possibility that your financial information was compromised, contact your bank or credit card company to alert them. They can monitor your accounts for suspicious activity and, if necessary, put additional security measures in place.
Share
Post
Share
Share
Share
More from Cybernews
Think tank, funded by Apple, Google, etc., slams European big tech regulations
New VanHelsing RaaS hits three victims, demands $500,000 in bitcoin
Adolescence, Netflix’s new miniseries, has reignited old fears
China’s Starlink problem: smuggled dishes fueling Myanmar scam networks
Ransomware hackers are desperate lying liars
Ukrainian Railways hit with ambitious cyberattack, traffic unscathed
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked