DocuSign Phishing Campaign Targets Low Ranking Employees

Avanan researchers have released more details to underscore a new trend in phishing, which involves actors targeting non-executive employees with access to valuable areas and data within an organization.

The researchers found that half of all phishing emails analyzed in recent months impersonated non-executives and 77% of the targeted employees on the same level using DocuSign, a legit cloud-based document signing platform.

According to the researchers, the threat actors offer DocuSign as an alternative signature method in the e-mails they send and ask recipients to enter their login credentials to view and sign the document.

Though the e-mails are designed to look legitimate, they are not like real DocuSign requests. DocuSign never asks users to enter passwords, instead receiving an authentication code via e-mail.

Users are advised to take the time to check every email that arrives in their inbox for signs of irregularities such as spelling mistakes, unsolicited attachments and the need to enter their login details.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web