الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Kaspersky warns local businesses of active Docusign-themed phishing scams

Kaspersky is warning of a rising phishing scam involving fraudulent emails pretending to be from Docusign, a globally used e-signature platform. Cyber attackers are sending these emails with links to fake websites where users are asked to enter a work login and password.

The Docusign phishing attack begins with an email that resembles legitimate communication from the service provider. Unlike other phishing schemes, the malicious actors generally do not bother to forge or mask the sender address given how genuine Docusign emails can originate from any address due to the customisation options available to Docusign customers.

Typically, the victim is notified that they must electronically sign a financial-related document, with the click through link included in the email received. In some instances, the phishers can also include a PDF attachment with a QR code inside. The victim is prompted to open the attachment and scan this QR code, supposedly to access the document for signing, however in reality this leads to a phishing website intended to gather users’ credentials.

The tactics and quality of execution can vary from email to email. However, the core principle remains the same: phishers rely on the recipient not understanding how e-signing with Docusign actually works. The inattentive victim follows the link (or QR code) to the phishing page and enters their work login credentials, which go straight to the attackers. Usernames and passwords harvested through successful phishing attacks are often compiled into databases sold on illicit dark web marketplaces, and later used to attack organizations. The whole purpose of Docusign is to make it as easy as possible for companies and individuals to exchange electronically-signed documents. Any additional steps or restrictions — such as creating an account, entering credentials, opening attachments, or using only a smartphone to sign — go against this principle. Therefore, Docusign asks for none of this and strives to make the signing process as quick and simple as possible.

High-quality fake Docusign email

To protect against this Docusign phishing tactic or other scams that impersonate popular services, Kaspersky recommends the following:

• Have an understanding around how the genuine service works. For example, Docusign will never:
o Send a PDF attachment with a link to a document to be signed.
o Give you no choice but to scan a QR code. Docusign works on both mobile devices and computers, so a link is always provided to access the document – not a QR code.
o Require you to enter work login credentials.
o Force you to register with or log in to Docusign. After you sign the document, Docusign might suggest creating an account, but it’s entirely optional.
• Be cautious of links and attachments: Avoid clicking on any unexpected links or downloading attachments in unsolicited emails.
• Train employees: Companies should educate employees on how to recognise phishing attempts. Specialised training systems such as Kaspersky Automated Security Awareness Platform can be of help.
• Use security solutions: Filtering out suspicious and unwanted email at the gateway level with products such as Kaspersky Security for Mail Server prevents employees from being defrauded by socially engineered scams. Security solutions for endpoints relevant to the size of the organization – such as the Kaspersky Small Office Security or Kaspersky Next – will also secure from phishing redirects.
• Use multi-factor authentication: This measure adds an extra layer of protection for sensitive accounts and services.

“Phishers are increasingly using names of trusted services like Docusign. We advise all IT users both at work and at home to always verify the sender’s identity and avoid clicking on suspicious links. Companies should ensure their teams know how to identify phishing emails, while multi-factor authentication and email filtering solutions add an extra level of defence,” Roman Dedenok concludes.

 

 

Related Posts

MANEAST Enters Egypt’s Auto Market as Official SOUEAST Agent

Green Investments launches “B.almetr” – the safe haven for fractional real estate investment in Egypt

Ishraq Hospitality Announces Key Leadership Promotions to Drive Strategic Growth

Expo City Dubai Announced as the Official Business Community Partner of The Final Pitch

Maximum Daily Cash Withdrawal Limit from Banks Increases to EGP 500,000

Kaspersky wins three SE Labs® Security Awards

CX Evolve UAE 2025: The Region’s Ultimate Customer Experience Gathering Returns!

INTESA SANPAOLO NAMED BEST EUROPEAN FINANCIAL INSTITUTION FOR INVESTOR AND ANALYST RELATIONS BY IR IMPACT

آخر الأخبار
«هالة أبو السعد» رئيسًا للاتحاد المصري لتمويل المشروعات المتوسطة والصغيرة ومتناهية الصغر سامبا نوفا تطلق أول حل جاهز للذكاء الاصطناعي وقابل للنشر خلال 90 يوماً فقط مؤسَّسة محمد بن راشد للمعرفة وبرنامج الأمم المتحدة الإنمائي يُعلنان تنظيم النسخة العاشرة من "قمَّة ا... أميرة فتحي تتألق بفستان الكوفية الفلسطينية: «القضية في القلب قبل الصورة كاسبرسكي: مجرمو الإنترنت يستهدفون الجيل "زد" عبر صيحات الموضة واستغلال الترند دوباى تؤكد استمرار عمل خدماتها للمدفوعات الرقمية للمرتّبات بكفاءة عالية هواوي تحتفل بالافتتاح الكبير لمتجرها قريبًا في مصر بعروض مثيرة A.M.A Developments تطلق أول مشروعاتها في العاصمة الإدارية الجديدة وزير الاتصالات: خدمات الإنترنت تعافت جزئيًا وعودتها كاملة خلال ساعات وزير الشئون النيابية: صرف تعويضات لأسر شهداء ومصابى حريق سنترال رمسيس ليمفي توسّع خدماتها للدفع الدولي إلى مصر، مستهدفةً سوق تحويلات بقيمة 29.6 مليار دولار رئيس الوزراء يبحث مع نظيره القطري دعم الاستثمارات المشتركة وزير الكهرباء والمدير التنفيذي لهيئة الدولة للطاقة النووية الروسية "روسآتوم" يتفقدان سير العمل فى مش... وزير البترول يجري زيارة إلى غرفة العمليات بشركة "أوسوكو" بجبل الزيت بخليج السويس وزير الصحة يلتقي السفير الباكستاني لبحث التعاون في مبادرات الصحة العامة ومكافحة الأمراض الوبائية الصحة: إطلاق المؤتمر العلمي السنوي لنظم الغذاء لمواجهة التحديات الصحية اتصال هاتفى بين وزير الخارجية والممثلة العليا للشئون الخارجية والسياسة الأمنية للاتحاد الأوروبى وزير الثقافة يوجّه بمراجعة شاملة لكافة إجراءات الأمان والسلامة والحماية المدنية في المنشآت الثقافية 18 يوليو.. أول حفل لحسام حبيب في السعودية بموسم جدة رئيس جامعة أسيوط يبحث أوجه التعاون مع المكتب الكويتي للمشروعات الخيرية بالقاهرة