الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Kaspersky warns local businesses of active Docusign-themed phishing scams

Kaspersky is warning of a rising phishing scam involving fraudulent emails pretending to be from Docusign, a globally used e-signature platform. Cyber attackers are sending these emails with links to fake websites where users are asked to enter a work login and password.

The Docusign phishing attack begins with an email that resembles legitimate communication from the service provider. Unlike other phishing schemes, the malicious actors generally do not bother to forge or mask the sender address given how genuine Docusign emails can originate from any address due to the customisation options available to Docusign customers.

Typically, the victim is notified that they must electronically sign a financial-related document, with the click through link included in the email received. In some instances, the phishers can also include a PDF attachment with a QR code inside. The victim is prompted to open the attachment and scan this QR code, supposedly to access the document for signing, however in reality this leads to a phishing website intended to gather users’ credentials.

The tactics and quality of execution can vary from email to email. However, the core principle remains the same: phishers rely on the recipient not understanding how e-signing with Docusign actually works. The inattentive victim follows the link (or QR code) to the phishing page and enters their work login credentials, which go straight to the attackers. Usernames and passwords harvested through successful phishing attacks are often compiled into databases sold on illicit dark web marketplaces, and later used to attack organizations. The whole purpose of Docusign is to make it as easy as possible for companies and individuals to exchange electronically-signed documents. Any additional steps or restrictions — such as creating an account, entering credentials, opening attachments, or using only a smartphone to sign — go against this principle. Therefore, Docusign asks for none of this and strives to make the signing process as quick and simple as possible.

High-quality fake Docusign email

To protect against this Docusign phishing tactic or other scams that impersonate popular services, Kaspersky recommends the following:

• Have an understanding around how the genuine service works. For example, Docusign will never:
o Send a PDF attachment with a link to a document to be signed.
o Give you no choice but to scan a QR code. Docusign works on both mobile devices and computers, so a link is always provided to access the document – not a QR code.
o Require you to enter work login credentials.
o Force you to register with or log in to Docusign. After you sign the document, Docusign might suggest creating an account, but it’s entirely optional.
• Be cautious of links and attachments: Avoid clicking on any unexpected links or downloading attachments in unsolicited emails.
• Train employees: Companies should educate employees on how to recognise phishing attempts. Specialised training systems such as Kaspersky Automated Security Awareness Platform can be of help.
• Use security solutions: Filtering out suspicious and unwanted email at the gateway level with products such as Kaspersky Security for Mail Server prevents employees from being defrauded by socially engineered scams. Security solutions for endpoints relevant to the size of the organization – such as the Kaspersky Small Office Security or Kaspersky Next – will also secure from phishing redirects.
• Use multi-factor authentication: This measure adds an extra layer of protection for sensitive accounts and services.

“Phishers are increasingly using names of trusted services like Docusign. We advise all IT users both at work and at home to always verify the sender’s identity and avoid clicking on suspicious links. Companies should ensure their teams know how to identify phishing emails, while multi-factor authentication and email filtering solutions add an extra level of defence,” Roman Dedenok concludes.

 

 

Related Posts:

Ukraine Leads as Intensity Rises on Day Six of IMMAF Youth World Championships in Al Ain Region

Artal Developments launches (Cēllen & Wēllen) projects in New Cairo

Deceptive docs: Attackers target employees with fake HR updates

UAE National Team Raises Medal Tally to 12 on Day Five of IMMAF Youth World Championships in Al Ain

Italy and ICCROM Launch €6 Million Cultural Heritage Programme in Africa

Celebrate International Beer Day with AED 30 Pints at Holiday Inn Express Dubai Airport & Jumeirah

Raise a Toast to International Beer Day at The Docks, Crowne Plaza Dubai Jumeirah

latest market insights from PRIME by Betterhomes, revealing a record-breaking quarter for Dubai’s ultra-luxury residential m

آخر الأخبار
هيئة قناة السويس: عدد السفن اليومية زاد لـ75 وسفن عملاقة تعبر بانتظام دون تأخير تعيين 11 مدير أمن جديد في حركة الداخلية جديد الثقة في اللواء ناصر محيى الدين مساعدًا للإعلام والعلاقات لوزارة الداخلية الأرصاد: الموجة الحارة مستمرة حتى الثلاثاء المقبل بالأسماء.. وزير الداخلية يعتمد حركة تنقلات وترقيات ضباط الشرطة 2025 وزير الاستثمار والتجارة الخارجية يلتقى عدد من كبرى الشركات اليابانية الليلة.. نانسي عجرم وحكيم يحييان الليلة الرابعة لمهرجان مراسي "ليالي مراسي" مصطفى قمر يستعد لطرح ديو غنائي جديد مع إدوارد المنتخب السعودي يحقق أربع جوائز في أولمبياد الأحياء الدولي 2025 بالفلبين الزمالك يُعلن عن 3 صفقات جديدة لتدعيم صفوف الفريق بعثة الأهلي تصل فندق الإقامة فى تونس العاصمة Ukraine Leads as Intensity Rises on Day Six of IMMAF Youth World Championships in Al Ain Region الرئيس السيسي يتلقى اتصال هاتفي من نظيره الفرنسي إيمانويل ماكرون عروض "أنغام الشباب" و"أوبرا عربي" و"تراث الشرقية" في ثاني أيام مهرجان "ليالينا في العلمين" تحالف الشمول المالي AFI يصدر دراسة حول المبادرة الرئاسية "سكن لكل المصريين" Artal Developments launches (Cēllen & Wēllen) projects in New Cairo وزير التربية والتعليم يكرم أوائل الثانوية العامة ويشيد بتفوقهم وتميزهم «أرتال للتطوير العقاري» تطلق مشروعي «cēllen» و«wēllen» بالقاهرة الجديدة وزيرة التخطيط تعقد اجتماعات ثنائية مكثفة مع وفود الدول ورؤساء مؤسسات التمويل الدولية ومنظمات الأمم ا... أبرز أنشطة وزارة الشئون النيابية والقانونية خلال أسبوع