Technology Tips

October 26, 2021

Warn Your Employees About The New DocuSign Phishing Campaign

Written By Securafy Team

Phishing attacks tend to focus on executive level targets. They focus on high ranking targets who have considerable system access.

That appears to be changing. A recent trend tracked by researchers from Avanan has revealed that nearly half of all phishing emails analyzed in recent months were crafted to impersonate non-executives.

Additionally more than three quarters of them (77 percent) targeted employees on the same level.

This is something of a departure and it allows those who orchestrate phishing campaigns to target a significantly larger pool of potential victims. The reason behind the shift in focus is easy enough to understand.

The Avanan researchers summarize it as follows:

"Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized, there is no need to go all the way up the food chain."

Increasingly hackers and scammers are coming to rely on spoofed DocuSign emails to gain access.

If you're unfamiliar with it DocuSign is a legitimate platform used to digitally sign documents. In this case a scammer creates a dummy DocuSign document and emails a request to a low to mid-level employee to update direct deposit information or something similar.

By all outward appearances the DocuSign request looks completely legitimate but there is one important difference. An actual DocuSign email won't ask the recipient for login credentials. The spoofed ones do. Naturally this is done so that the hackers can harvest those credentials.

Given the crush and volume of daily business emails the difference is easy to overlook which explains why this approach has enjoyed an uncannily high degree of success.

Be sure your employees are aware of this latest threat and stay on their guard against it. One moment of carelessness could wind up being costly indeed.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.