The DocuSign Desperado: What You Need To Know

By: Joshua Beitler

 Our team has come across a slew of phishing attacks designed to steal your email credentials. We’re calling one particular scam “The DocuSign Desperado.” Here’s what you need to know to protect yourselfand your business.

Friend or Foe?

The DocuSign Desperado tries to get your credentials by sending an email that appears to be from one of your friends or business contacts. The email will say that the sender has a DocuSign or Dropbox file for you to review. There will be a link to the file, and you’ll be asked to click the link to review it.

Many of the emails we’ve come across look similar to this:

masked-email-blog-jab.png

What’s Next?

When you click on a link it will take you to page that mimics DocuSign’s website. The site (pictured below) shows that there is even a secure URL. Hackers are now finding ways to make their sites appear more legitimate and they know we are doing a better job watching out for secure URLs. To read more about the war on non-secure sites, check out this blog post

 Oct 2017 JAB-blog-post-img2.png

Once you select your email provider, as the screen asks you to do, you will be asked to enter your account credentials. Then, you’ll be told the credentials you entered are invalid and to try again. Each time you enter your credentials into this fake site, attackers are learning what your various passwords are. Attackers can then use these login attempts to try and gain access to your email, Dropbox, or any other account with which your email address is associated.

If they get the right credentials, hackers can take over your email from a web portal and send everyone in your address list the same kind of malicious email. If you receive that email from a friend, it means they’ve been successfully hacked without even knowing it.

How To Avoid Being The Next Victim

There are a few ways you can identify whether the email you received is legitimate or malicious. One easy way to scope it out is to hover your mouse over the links before clicking anything. If the email is malicious, you’ll see that the URL does not correspond to Dropbox, DocuSign or any other provider.

You can also message (but don’t forward the suspicious email) your friend or business associate to ask if they really sent that email. If they didn’t, let them know they’ve likely been hacked.

The #1 way to prevent a hacker from gaining access to your network is to educate yourself and your employees on safe computer habits. If you didn’t know, you are the biggest threat to your network security.

Need Help?

If you see any kind of email that resembles what was pictured, do not click on the links and do not provide any login credentials. Contact our technical support team here or call us at 410.685.5512 to analyze it further and discuss a back-up plan in case you’re hacked.

Published October 12, 2017

Cyber Security Wake-Up Call: What’s Putting Your Organization at Risk?

Learn how to lessen your exposure to cyber threats in this free webinar recording.

Cyber Security Wake-Up Call Screen Play

Small Businesses — Be On the Lookout for These Cyber Threats

If you think you’re immune to cyberattacks as a smaller-sized business, you’re wrong. Attackers don’t just pass small...

Threats and Vulnerabilities to Monitor This Cyber Security Awareness Month

Have you ever received an email from an unfamiliar source and wondered, “How did they know that information?” or “How...