Cybercriminals can be very sneaky when coming up with their attacks. They go to great lengths in finding ways to rip us off.
A popular tool for criminals these days is the phishing email. A successful phishing scam can infect your gadget with malware or ransomware, or lead to the theft of your credentials for multiple accounts. Now, customers of a popular transaction service provider are being targeted with these malicious emails.
What you need to know about the latest phishing scam
We're talking about the company DocuSign. It provides electronic signature technology and Digital Transaction Management services for facilitating electronic exchanges of contracts and signed documents.
The company has discovered a new phishing campaign that began last week, targeting its customers, and others, with malicious emails. It's possible that DocuSign's database of customer emails has been breached as well. Even if you don't use the service, you could receive one of these malicious emails in your inbox.
The cybercriminals behind this phishing attack are creating fake emails with the DocuSign logo. Be careful: the fraudulent emails look very official, and they contain malicious links that lead to a macro-enabled Word document. If you click on the link, your gadget could be infected with malware.
DocuSign is detailing what to look for and urges everyone who receives this malicious email to follow these steps:
- Delete any emails with the subject line, "Completed: [domain name] - Wire transfer for recipient-name Document Ready for Signature" and "Completed [domain name/email address] - Accounting Invoice [Number] Document Ready for Signature." These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
- Forward any suspicious emails related to DocuSign to email@example.com, and then delete them from your computer. They may appear suspicious because you don't recognize the sender or weren't expecting a document to sign, or because they contain misspellings (like "docusgn.com" without an 'i' or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://docusign.net.
- Ensure your anti-virus software is enabled and up to date.
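The link rule in the second step, as an added example (not DocuSign's or this article's own code): a literal "starts with" comparison accepts links whose real host is somewhere else, so this Python check parses the host and also flags near-misspellings of the brand. The files.example host, the 0.7 similarity cut-off and the acceptance of subdomains of the two named domains are assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND = "docusign"
# Domains the article names; accepting their subdomains is an assumption.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")
# Assumption: similarity cut-off chosen for this example, not a DocuSign value.
LOOKALIKE_RATIO = 0.7


def naive_prefix_check(url):
    """Literal reading of the advice: does the link text start with a good prefix?"""
    return url.startswith(("https://www.docusign.com", "https://docusign.net"))


def classify_link(url):
    """Return 'trusted', 'suspect' or 'unrelated' for one link."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspect"  # malformed links are never trusted
    host = (parts.hostname or "").rstrip(".")
    # user@host syntax lets a link display one name and connect to another.
    if parts.username is not None:
        return "suspect"
    on_trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if parts.scheme == "https" and on_trusted:
        return "trusted"
    # A label equal or close to the brand on a host that failed the check
    # above is an imitation (docusgn.com, docusign.com.files.example).
    for label in host.split("."):
        if SequenceMatcher(None, label, BRAND).ratio() >= LOOKALIKE_RATIO:
            return "suspect"
    return "unrelated"


# Constructed sample links; files.example is a placeholder host.
SAMPLES = [
    "https://www.docusign.com/documents/123",
    "https://www.docusign.com.files.example/doc",
    "https://www.docusign.com@files.example/doc",
    "https://docusgn.com/sign",
    "https://docus.com/sign",
    "https://files.example/report.doc",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9} naive={naive_prefix_check(link)!s:5} {link}")
```

The second and third sample links pass the naive prefix comparison even though the browser would connect to files.example.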
As I said earlier, you don't have to be a DocuSign customer to receive phishing emails. Always be prepared by taking the following precautions.
How to defend against phishing attacks:
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than to click on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.
- Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.