How to Protect Against Docusign Attacks
More and more companies are using electronic signing of documents to save time and money for contracts, mortgages, tax documents and much more.
The pandemic accelerated this trend tremendously and now that these automated systems have been setup, it is likely that the face to face transactions with physical signing of documents will not completely go back to the way it was.
Docusign is by far the top player in the field so the crooks have found ways to trick people into believing they are dealing with them, thereby giving criminals access to their personal and financial information.
For example, in early 2020, Docusign website released a statement warning of a fake email (phishing) campaign.
Phishing Attack Warning Signs
1. You were not expecting any documents. If you didn’t ask for a contract or form, then it is most likely fake,
2. You don’t know the sender. Vendors should contact you ahead of time if they want to sign something and you would be aware of their specific name and email.
3. Check the link- especially the end part of the email. For example, if it says it came from Chase Bank but the email says Chase@gmail.com that is not the real Chase Bank.
4. Watch for misspellings. Sometimes the sentences are poorly written and lately that is not the issue but perhaps the name is purposely off by a little bit, such as changing an i for the number one 1BM.com
Newer Types of Attacks- Real Docusign Emails Used for Phishing
In the fall of 2021, DocuSign issued an alert warning of a phishing campaign that hides malicious links in documents shared in legitimate DocuSign emails.
In the newer attacks, the source was an actual Docusign email but it included links to malicious websites. This makes it difficult to know what’s correct, but you can always contact us to assist in issues like this.
The bottom line is that if you are not totally sure, don’t click on anything- contact ASIS or you can contact the sender without using email– and verify everything.
|We stand ready to help|