The New DocuSign Phishing Campaign

Overwhelmingly, the term MSP applies to outsourced IT services. Particularly, the following areas of business activity are regularly performed by MSPs:
1. Managing IT infrastructure
2. Adding cybersecurity hardening to IT systems
3. Offering technical support to staff
4. Managing user access accounts on clients’ systems
5. Offering fully managed hardware outsourcing

The Avanan researchers summarize it as follows:

“Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized, there is no need to go all the way up the food chain.”

Increasingly hackers and scammers are coming to rely on spoofed DocuSign emails to gain access.

If you’re unfamiliar with-it DocuSign is a legitimate platform used to digitally sign documents. In this case a scammer creates a dummy DocuSign document and emails a request to a low to mid-level employee to update direct deposit information or something similar.

By all outward appearances the DocuSign request looks completely legitimate but there is one important difference. An actual DocuSign email won’t ask the recipient for login credentials. The spoofed ones do. Naturally this is done so that the hackers can harvest those credentials.

Given the crush and volume of daily business emails the difference is easy to overlook which explains why this approach has enjoyed an uncannily high degree of success.

Be sure your employees are aware of this latest threat and stay on their guard against it. One moment of carelessness could wind up being costly indeed.