- #Docusign changing document info scam pdf#
- #Docusign changing document info scam verification#
- #Docusign changing document info scam professional#
“Users need to always hover over any links embedded in any email and examine it for legitimacy before clicking on it.
#Docusign changing document info scam pdf#
Although PDF and HTML attachments were very common, the top phishing vector was still a rogue URL link in an email,” said KnowBe4’s Roger Grimes.
#Docusign changing document info scam professional#
“There's a good chance that most recipients have had professional or personal interaction with those services. The goal was to get people to enter their credentials for Proofpoint.Īrmorblox did not say if any of the emails were successful, but the campaign builds on a longstanding trend of hackers using platforms like DocuSign to manipulate people into handing over valuable credentials.Ī report from cybersecurity firm Check Point last week found that DocuSign was one of the most used brands in phishing attacks in Q4 alongside Microsoft, Zoom, LinkedIn and Amazon.
#Docusign changing document info scam verification#
The landing page had several hallmarks of legitimacy, including a fake checkmark resembling verification from cybersecurity company Symantec and even the inclusion of the person’s email address. The page had Proofpoint branding and a PDF icon urging the person to clock on the document in order to view it. The goal of the email was to get users to click on the button, which would take them to a fake landing page that impersonated cybersecurity firm Proofpoint. “Through the inclusion of statements around alternate shipping methods, a blurb about the company DocuSign, and even a disclaimer to not share this email with anybody else, unsuspecting victims who fell for the attackers’ manipulating tactics and opened the email would have been presented with additional language and information aimed to establish trust in the victims and encourage he or she to click on the main link that reads: VIEW COMPLETED DOCUMENT.” “The language used within the body of the email continues to impersonate the well-known brand DocuSign,” the researchers said. The researchers noted that DocuSign attacks are particularly successful for scammers because people are used to getting these kinds of emails before and after signing documents through the platform. While the email address and domain name had no association with DocuSign, the scammers were relying on the fact that it can be hard to see these names – particularly on mobile devices where many people typically read their emails. The subject of the emails was “Please DocuSign: Approve Document ” in an attempt to make victims think the email was urgent and needed to be opened as soon as possible.
Researchers at cybersecurity company Armorblox said the brand impersonation campaign targeted Microsoft Office 365 email accounts and managed to bypass other security tools. Scammers used a malicious DocuSign document in a campaign that tried to steal credentials belonging to more than 10,000 people across several organizations. But, depending on the nature of your email customization requirements, you could always create multiple Brands via the DocuSign web console, customize the Email Resource file differently for each Brand, and then set BrandId in each "Create Envelope" API call to affiliate the correct Brand (and therefore email contents) with each envelope.DocuSign scam targeted more than 10,000 inboxes: report It's not currently possible to specify email contents (other than the EmailBlurb in the signing invitation email) via the API. Note that an Email Resource file applies to a specific "Brand" - i.e.,all envelopes that use a specific Brand will derive their content from the Email Resource file that's associated with that Brand. This guide provides all the information you should need to customize the Resource File: You can access Resource Files via the DocuSign web console (when logged in as an Administrator) by going to Preferences > Branding > (link) > Resources (tab). A majority of the Email notifications that DocuSign sends can be customized via modification of the "Email Resource File" (an XML file that contains text strings used in the emails that DocuSign sends).
0 kommentar(er)
