Don’t Fall For DocuSign Impersonators

Imagineering Logo

Do you use DocuSign? A new email attack has surfaced where hackers are reeling people in with phishing emails that claim to be from DocuSign. 

What is DocuSign

DocuSign makes it simple to sign and securely auto-send important documents. It uses eSignature to keep modern operations moving forward from virtually anywhere, anytime. Organizations of all sizes have made the transition to electronically do business in this ever-changing world.

Watch Your Inbox

The phishing email appears to originate from DocuSign and includes a link and HTML attachment. As the receiver, you are requested to review and sign the document claiming to be “remittance advice.”  

If the “View Completed Document” button is clicked, it leads end users to a clean, legitimate webpage. 

However, if the attachment is opened, the blank image attack will begin.  

Easily Reeled In 

Hackers can target practically anyone with this specific technique. By concealing the malware within an empty image attachment, the true intent of the message is easily hidden. With a legitimate link included in the email body, it bypasses link analysis and security scanners. This increases the chances of the attacker reeling you in. 

You should always think before you click on any links or attachments. Take extra caution around emails containing HTML attachments. These attachments could be ready and built to deliver malware to your devices.  

How To Protect Your Team

HTML attachments aren’t new. What is new is the use of empty images redirecting to malicious materials. It is important to train your employees to stay alert and be aware of all the different types of phishing attacks that are out there.  

As cybercriminals continue to come up with new ways to trick users into taking action, it is critical that you educate yourself and your team. End-user phishing training is essential to secure business functionality. Give your organization an extra layer of security by enabling your employees to recognize social engineering attacks. 

Next Steps

Imagineering is a proud KnowBe4 partner. KnowBe4 provides a great solution for learning the ins and outs of spotting fake and suspicious emails. With a large library of content to train your users, KnowBe4 allows you to send out simulated phishing emails to your organization and see who the happy clickers are that may need more training.  

Contact us today to set up end-user training for your team! 

Next-Level Cybersecurity for Your Business

What is Endpoint Detection and Response? This is a technology platform that detects and investigates threats on endpoints. It helps security teams find suspicious endpoint activity to eliminate threats quickly and minimize the impact of an attack.

Read More »
HOOPS Business Management Software, Powered by Acumatica

Request a FREE Demonstration

Experience the Power of the Cloud with a free demonstration of HOOPS Business Management Software, powered by Acumatica.

FREE Consultation

Request a free consult to discuss your business and technology goals by filling out the form below.

Thank You

We have received your submission.

If you have additional questions, please call (715) 834 – 7712.