"Phishing Campaign Leverages Legit DocuSign Email Notifications"

Researchers have discovered phishing scammers signing up for free DocuSign accounts and compromising accounts belonging to others in order to trick email recipients into clicking on malicious links. According to researchers at the email and collaboration security firm Avanan, this is a novel tactic because the company is unaware of any previous campaigns in which authentic and legitimate DocuSign accounts have been leveraged. However, the use of legitimate accounts to perform phishing attacks is a common practice and highly effective for cybercriminals. Researchers at IRONSCALES have recently been seeing attacks using SharePoint, Google Docs, and other file download services. In 2020, Barracuda Networks reported on malicious actors' use of a similar approach with phishing attacks where legitimate file sharing sites were used to store documents that contain links to malicious or phishing sites. Through this use of legitimate sites, the chances of a victim losing their credentials are significantly high, and it is almost guaranteed that stolen credentials will be used in a subsequent attack on an organization. Prospective victims in the DocuSign campaign are sent an invitation to click a link in order to view a document in their browser and then sign it. Typically, DocuSign converts these documents into static PDF files to prevent the user from accidentally enabling a malicious macro, but the files have viable hypertext links that could deliver a malicious document or direct a user to a phishing page if clicked. In addition, cybercriminals can conceal the true nature of links and downloaded malicious files by using sophisticated obfuscation techniques, including steganography. This article continues to discuss findings surrounding the DocuSign phishing campaign.

SC Magazine reports "Phishing Campaign Leverages Legit DocuSign Email Notifications"