
The latest target of hackers is the world of electronic documents. Word has come out that scammers used a malicious DocuSign-themed campaign in an attempt to steal the credentials of more than 10,000 people.
Looking into the background of this issue for Digital magazine is Joe Gallop, Manager of Cyber Threat Intelligence at Cofense.
Gallop begins by considering the general vulnerability of electronic document systems: “DocuSign spoofing is common for a reason. DocuSign-themed phishing emails regularly make their way through secure email gateways and into users’ inboxes.”
Phishing is a form of identity theft in which cybercriminals create web pages that impersonate popular websites (in whole or in part) with the goal of stealing sensitive information such as usernames/passwords, login details and credit cards.
One reason for this is the popularity of the service, as Gallop assesses: “While the campaign identified by Armorblox shows how DocuSign can be spoofed in mass phishing campaigns (without personalized information or document content), we have also seen it used in very specific ways.”
“At first glance, the email appears to be a legitimate communication from DocuSign, with the attacker manipulating the sender’s name, reading DocuSign,” reads the Armorblox white paper.
“However, the email address and domain do not show any association with the company, which is difficult to see on mobile devices from which end users frequently open email communications,” the Armorblox statement continues.
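The mismatch Armorblox describes, a sender name reading DocuSign on an address with no link to the company, can be checked mechanically at the mail gateway. The following is an added example, not code from Armorblox, Cofense or DocuSign; the domain allow-list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: domains treated as DocuSign-owned for this sketch; adjust to policy.
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}

def owned_by(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def display_name_spoof(raw_message):
    """Return (brand, sender_domain) when the From display name claims a brand
    but the address domain is unrelated to it; otherwise return None."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return None
    for address in header.addresses:
        # Collapse spacing and punctuation tricks such as "Docu Sign".
        squashed = "".join(c for c in address.display_name.lower() if c.isalnum())
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in squashed and not owned_by(address.domain, allowed):
                return brand, address.domain.lower()
    return None

# Constructed sample messages (not taken from the reported campaign).
SPOOFED = 'From: "DocuSign" <notify@mail-relay.example>\nSubject: Review\n\nbody\n'
LEGIT = 'From: DocuSign <dse@eumail.docusign.net>\nSubject: Review\n\nbody\n'
LOOKALIKE = ('From: "Docu Sign via e-sign" <x@docusign.com.example.org>\n'
             'Subject: Review\n\nbody\n')

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legit", LEGIT),
                       ("lookalike", LOOKALIKE)]:
        print(label, display_name_spoof(raw))
```

A hit is a signal for tagging or quarantine rather than proof of phishing, since third-party senders can legitimately mention a brand in their display name.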
In terms of specific campaigns of concern, Gallop identifies: “We recently identified a phishing campaign specifically targeting dozens of executives in multiple industries (but primarily the insurance industry), asking executives to sign a ‘Settlement Agreement’ or ‘Distributor Agreement’, instead of the generic documents used in non-targeted campaigns.”
There are more dangerous attacks in cyberspace. Gallop draws attention to this: “In even more subversive attacks, threat actors will actually create real DocuSign documents rather than simply impersonate DocuSign in an email, hoping recipients will drop their guard after arriving at the DocuSign domain. The threat actors then place malicious links in the document, leading victims to click on phishing pages or other malicious resources.”
