![]() ![]() Back in August, for instance, news emerged of a campaign in which phishers leveraged DocuSign to host malicious links despite the service’s ongoing efforts to prevent such instances of abuse. This isn’t the first time that digital attackers have abused DocuSign to conduct a phishing campaign. Other Phishing Attempts Involving DocuSign Screenshot of the credential harvesting page. It prompted the victim to sign in with Outlook, Office365, or another mail client for the purpose of reading a document hosted in Adobe Document Cloud. Once downloaded, the HTML file brought up a credential harvesting page. Screenshot of the fake Adobe Document download prompt. ![]() “Document is Microsoft protected therefore download to access the original file and advise.”Ĭlicking on the “Review Document” button redirected the victim to an HTML file hosted on DocuSign’s servers. “Attached you will find revised document from Adf Law,” the attackers said in the email. As you can see from the broken grammar used by Arthur in his note to the recipient, something phishy was going on with this email. The body of the email appeared to be an invitation from one Arthur Frank of “Adf Law” for the recipient to review a document. It also came from the legitimate sender email address used by DocuSign for official correspondence. Like other notifications sent out by the service, the email listed one of DocuSign’s North American Services (“DocuSign NA4 System”) as the sender. The screenshot below reveals that the attack email originated from DocuSign. The Latest Living Off the Land Phishing ExampleĪt the end of September, the Zix | AppRiver team flagged an email that arrived with the subject line “Please DocuSign: Proposal Shared Document Online.pdf.” Real Estate & Title In the office or on-the-go, keep malicious emails out of your inbox.ĭigital attackers launched a phishing campaign in which they abused DocuSign to steal victims’ email account credentials.Manufacturing Keep your communications and IP secure.Legal Mitigate risk and preserve client confidentiality with our full suite.Information Technology Cybersecurity Secure critical flaws in your cyber-architecture.hospitals use Zix to help maintain HIPAA compliance. Government Securely automate constituent communications and processes.Financial Services Avoid financial data loss and focus on building strong customer relationships.Enhance Business Productivity Build your business on the security and productivity foundation.Mitigate Compliance Risk Always be protected with our enterprise-grade encryption and data privacy.Protect Business Communications Leverage our machine-learning techniques & live 24/7 threat analysts.Secure, Modern Workplace Eliminate barriers and get more done with enterprise-grade security.Microsoft Made Simple Create a simplified purchasing experience with the New Commerce Experience. ![]() All customers are reminded that they should continue their own due diligence and identify and report to DocuSign any suspicious emails using legitimate DocuSign accounts and technology ( as well as suspicious emails spoofing the DocuSign brand ( Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.įor more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers. Please treat any DocuSign-themed emails with a link to “ipfsfleekco” as phishing.ĭo not click on any email or attachment links from unknown or untrusted senders. The emails contain a link to a phishing page that is hosted on the following domain:ĭocuSign does not use this service. The emails have been spoofed to appear to be sent from or These emails did not originate from our legitimate DocuSign email servers. DocuSign has observed a new phishing campaign in which malicious URLs are being hidden in fake/imitation DocuSign-themed emails. ![]()
0 Comments
Leave a Reply. |