Hackers are targeting DocuSign with a new phishing threat. Be careful, you may sign away your details
Hackers are stealing people’s DocuSign accounts to make their Business Email Compromise (BEC) attacks appear more authentic and therefore more successful.
A report by cybersecurity researchers from Abnormal says they have seen an increase in attacks aimed at stealing people’s DocuSign credentials.
According to the report, it all starts on a dark web forum, where a hacker creates and then sells credible-looking DocuSign email notification templates. These templates are picked up by other threat actors, who use them to trick people into trying to view or sign an important document. At that point, the attackers obtain the victims’ DocuSign credentials, which are then sold back on the dark web or used in the second phase of the attack.
Business email compromise
The second phase involves searching the documents found in the victim’s DocuSign account. People often store sensitive and confidential information there, so the hackers look for contracts, supplier agreements or upcoming payment information. This way they can identify valuable targets and formulate the right approach for maximum efficiency. They are often also looking for compromising information that can be used in blackmail.
If the right type of information is found, the attackers will impersonate the company and send fake emails to business partners, customers and the like, requesting some form of payment or money transfer. To make the attack even more credible, the hackers will often add fake contracts through the compromised DocuSign account, timing the emails so as not to raise too many alarms.
As with any other phishing attack, the best way to defend yourself is to be skeptical of incoming email, especially if it contains links, attachments, and a sense of urgency. Phishing emails often come from unrelated domains, so checking the email address the message comes from is always a good starting point.