Avanan researchers have released more details to underscore a new trend in phishing, which involves actors targeting non-executive employees with access to valuable areas and data within an organization.

The researchers found that half of all phishing emails analyzed in recent months impersonated non-executives and 77% of the targeted employees on the same level using DocuSign, a legit cloud-based document signing platform.

According to the researchers, the threat actors offer DocuSign as an alternative signature method in the e-mails they send and ask recipients to enter their login credentials to view and sign the document.

Though the e-mails are designed to look legitimate, they are not like real DocuSign requests. DocuSign never asks users to enter passwords, instead receiving an authentication code via e-mail.

Users are advised to take the time to check every email that arrives in their inbox for signs of irregularities such as spelling mistakes, unsolicited attachments and the need to enter their login details.