Warn Your Employees About The New DocuSign Phishing Campaign

Phishing attacks tend to focus on executive level targets. They focus on high ranking targets who have considerable system access.

That appears to be changing. A recent trend tracked by researchers from Avanan has revealed that nearly half of all phishing emails analyzed in recent months were crafted to impersonate non-executives.

Additionally more than three quarters of them (77 percent) targeted employees on the same level.

This is something of a departure and it allows those who orchestrate phishing campaigns to target a significantly larger pool of potential victims. The reason behind the shift in focus is easy enough to understand.

The Avanan researchers summarize it as follows:

“Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized, there is no need to go all the way up the food chain.”

Increasingly hackers and scammers are coming to rely on spoofed DocuSign emails to gain access.

If you’re unfamiliar with it DocuSign is a legitimate platform used to digitally sign documents. In this case a scammer creates a dummy DocuSign document and emails a request to a low to mid-level employee to update direct deposit information or something similar.

By all outward appearances the DocuSign request looks completely legitimate but there is one important difference. An actual DocuSign email won’t ask the recipient for login credentials. The spoofed ones do. Naturally this is done so that the hackers can harvest those credentials.

Given the crush and volume of daily business emails the difference is easy to overlook which explains why this approach has enjoyed an uncannily high degree of success.

Be sure your employees are aware of this latest threat and stay on their guard against it. One moment of carelessness could wind up being costly indeed.

Used with permission from Article Aggregator

"*" indicates required fields