A surprise phishing attack showed up in my email inbox today. Here's what it looked like:
Obviously the first thing you'll see is the big red scam flag from my Thunderbird email client. Mozilla Thunderbird is a free, fast and secure email program we use at the office. It can often detect sketchy emails like this. You might want to give it a try if you're worried about email malware attacks.
But even without a scam-detecting email program, this message had some clear warning signs.
First of all, there was no reason for an email from DocuSign or AT&T to show up in my inbox - much less my customer service inbox. Unsolicited emails asking for personal information should immediately make you wary. If you weren't expecting it, approach with extreme caution.
DocuSign is a service that lets you digitally sign documents for contracts using a verified electronic signature. It's a legitimate company that people use for real estate and contracts and other transactions. These types of emails have been showing up in inboxes for the past year or two. This one tried to trick me into signing "Contract Changes" from AT&T. But you could receive a fake signature request from any company. In fact, today DocuSign issued an alert about this problem on its website. Since I don't use DocuSign, that was another big warning sign that this was not on the level.
I poked around in my virtual machine sandbox. It's how I test each download to make sure it's safe for you. I found another couple of problems. First of all, the URL I was taken to was different than the official DocuSign address. It was a long, convoluted address with no domain name, just an IP address. Plus, DocuSign uses SSL, which means the entire domain is encrypted. Instead of "http" in front of the address, you'll see "https." This fake URL had no "S."
Then it asked me to download a PDF file, which is just a type of document. But when I clicked on it, it tried to download an EXE file. EXE means "executable" and it's a program. I don't know what that program would have done if I had let it onto my computer, but I'd bet the farm it wouldn't be good.
This is why it's so important to pay attention to the details of emails. I put together a helpful guide that can teach you how to spot phishing emails like this one. Click here to read it. When you do get a phishing email, you should delete it immediately. If this DocuSign scam shows up in your inbox, you could also take a second to forward it to the company's security department at firstname.lastname@example.org before trashing it forever.
Think you're a pro at spotting scam emails? See if you can find the five problems with this fake email from Amazon. Click here to test your phishing detection skills.