Security BUZZ - Beware of Fake DocuSign Templates Used for Extortion

    Posted 05-24-2024 09:08

    In the digital age, cybercriminals are constantly finding new ways to deceive individuals and organizations. One of the latest schemes involves using fake DocuSign templates to commit extortion and business email compromise. 

    DocuSign's widespread use has made it a target for scammers. They create phishing emails that look like legitimate DocuSign requests to trick people into giving away personal information or login credentials. The scammers sell fake DocuSign templates and login credentials on underground forums for as little as $10. Armed with these tools, they can send convincing emails to employees of targeted companies, leading them to fake websites where they unknowingly enter sensitive information.

    Hackers with login credentials can access employees' DocuSign histories to obtain sensitive documents, such as employer contracts, vendor agreements, and payment information. They can use this information for blackmail or extortion attacks or sell it to other attackers. Additionally, they can use the information to identify new, high-value targets and impersonate specific individuals within a company or its partners. For instance, an attacker could time a request for payment around the time a company typically pays its vendors. By utilizing information from a compromised employee's DocuSign history, they can impersonate a direct superior or a vendor finance department's representative and attach specific, authentic documents to an email for reference.

    Key takeaways:

    • Always verify the sender's and link addresses in DocuSign emails.
    • Be cautious of impersonal greetings and unusually short security codes.
    • DocuSign supports multiple types of multifactor authentication (MFA). If you have an account with DocuSign, configure MFA.
    • Open documents directly from the DocuSign website, not through email links.
    • If you receive an unexpected document, confirm its legitimacy by contacting the sender directly.

    Being vigilant and cautious is the best defense against these cyber threats.

    #ALTACyber



    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------
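
The first takeaway above (verify the sender's and link addresses) can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post: the trusted-domain list is an assumption to adjust to your own policy, the function and class names are hypothetical, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption (not from the post): domains treated as genuine DocuSign.
TRUSTED = ("docusign.com", "docusign.net")

# Constructed sample message; every address and host in it is made up.
SAMPLE = """From: DocuSign <dse@docusign.net.mail-review.example>
To: employee@company.example
Subject: Please review and sign
Content-Type: text/html; charset=utf-8

<p>Hello,</p>
<a href="https://docusign.com@sign.review-docs.example/d">REVIEW DOCUMENT</a>
<a href="https://www.docusign.com/trust">Trust Center</a>
"""

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    """Collects the host each <a href> actually points to."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            try:  # urlsplit drops any "user@" prefix used to fake the host
                self.hosts.append(urlsplit(dict(attrs).get("href") or "").hostname)
            except ValueError:
                self.hosts.append(None)  # malformed URL counts as untrusted

def check_email(raw):
    """Return findings for a message that claims to come from DocuSign."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_trusted(sender.rpartition("@")[2]):
        findings.append(f"untrusted sender: {sender}")
    parser = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    findings += [f"untrusted link host: {h}" for h in parser.hosts if not is_trusted(h)]
    return findings
```

A clean result only means the visible addresses match the allowlist; a message sent from a compromised legitimate account would still pass, which is why the post's advice to open documents from the DocuSign website and confirm with the sender still applies.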