DocuSign phishing campaign targets low-ranking employees

One to add to your phasing awareness campaigns…:

[…] While these emails are crafted to look like legitimate DocuSign messages, they are not being sent from the platform. On real DocuSign emails, users are never asked to enter passwords, but rather an authentication code is emailed to the recipient.

In the haste of daily work, it is likely that some employees will be tricked by this message and treat it as a real DocuSign request, entering their email credentials and handing them over to the phishing actors

When an email lands in your inbox, it is crucial to take the time and evaluate it for any signs of trickery. Unsolicited attachments, spelling errors, and the request to enter your credentials should be treated as big red flags.


Original Article