Phishing attack disguises itself as DocuSign document

A new wave of phishing attacks, disguised as an email from DocuSign, aimed at obtaining user credentials from all major email providers has been discovered by the Cofense Phishing Defense Center.

DocuSign is an electronic signature technology that is used by businesses and individuals to exchange contracts, tax documents and legal materials. The threat actors behind this new wave of phishing attacks are using this legitimate application to trick users into handing over their credentials.

The attack begins when a user receives an email that appears to be from DocuSign as it includes its actual logo and the content of the message is similar to real emails sent from the company. However, the first line of the message does not contain the recipient's name and simply says “Good day”.

From the email header, Cofense was able to determine that the threat source originates from the domain narndeo-tech.com. This domain belongs to Hetzner Online GmbH which is a well-known web hosting company based in Germany.

Phishing for credentials

Looking deeper into the emails, Cofense's researchers found an embedded hyperlink that redirects to a phishing page which gives six separate options for users to enter their credentials to access the DocuSign document.

The threat actors recreated login pages for Office 365, Gmail, Microsoft Outlook, Yahoo!, AOL and Apple iCloud which appear quite similar to the real thing to trick users into handing over their login details. However, cautious users could be made aware of the scheme by looking at the URLs of these pages as they are not legitimate.

To prevent falling victim to the DocuSign phishing attack and others like it, Cofense recommends that all users should be cautious when an email instructs them to provide their credentials.


TechRadar: Photography & video capture news

This entry was posted in Photography and tagged , , , , , . Bookmark the permalink.

Leave a Reply