A Phishing Campaign That Leverages Legit DocuSign Email Notifications Is Underway

SC Media is reporting "Phishing campaign leverages legit DocuSign email notifications." And the attack is scary:

According to a new Avanan blog post, this is a novel tactic, as the company is not aware of any previous phishing campaigns that have abused authentic and legitimate DocuSign accounts. In emailed commentary, researchers at Ironscales disagreed with Avanan’s claim that the methodology is new, suggesting they “have seen many of these DocuSign attacks.” However, they did assert that it has become “prevalent.”

“Using legitimate accounts to deliver phishing is a very common practice and unfortunately, is usually highly effective for cybercriminals,” Ironscales said in a statement. “Recently our researchers have seen attacks using SharePoint, Google Docs, Google Forms, and other file download services, like DocuSign.”

This attack highlights the golden rule of protecting yourself: do not open any links or attachments that you receive in emails from unknown sources.

Eddy Bobritsky, CEO of Minerva Labs had this to say:

Over the last few years threat actors have become more and more sophisticated, and have found new methods to disguise themselves from security tools. Legitimate tools are being used to hide malicious code, and through those tricky methods, security tools are having a hard time detecting them. We can even see malicious ways to hide code in GIF files that trick the user into installing malware themselves, masquerading as legitimate software.

Because new and evasive ways will always be invented by bad actors, it is important not to rely only on detection and response tools, which work in a way that requires the initial stage of the attack to have started before identifying it.

The only way to truly protect any organization is by using prevention tools that prevent attacks before execution, and by that – before any damage has happened.

Hopefully organizations heed his advice.
