Do you use DocuSign? A new email attack has surfaced where hackers are reeling people in with phishing emails that claim to be from DocuSign.
What is DocuSign
DocuSign makes it simple to sign and securely auto-send important documents. It uses eSignature to keep modern operations moving forward from virtually anywhere, anytime. Organizations of all sizes have made the transition to electronically do business in this ever-changing world.
Watch Your Inbox
The phishing email appears to originate from DocuSign and includes a link and HTML attachment. As the receiver, you are requested to review and sign the document claiming to be “remittance advice.”
If the “View Completed Document” button is clicked, it leads end users to a clean, legitimate webpage.
However, if the attachment is opened, the blank image attack will begin.
Easily Reeled In
Hackers can target practically anyone with this specific technique. By concealing the malware within an empty image attachment, the true intent of the message is easily hidden. With a legitimate link included in the email body, it bypasses link analysis and security scanners. This increases the chances of the attacker reeling you in.
You should always think before you click on any links or attachments. Take extra caution around emails containing HTML attachments. These attachments could be ready and built to deliver malware to your devices.
How To Protect Your Team
HTML attachments aren’t new. What is new is the use of empty images redirecting to malicious materials. It is important to train your employees to stay alert and be aware of all the different types of phishing attacks that are out there.
As cybercriminals continue to come up with new ways to trick users into taking action, it is critical that you educate yourself and your team. End-user phishing training is essential to secure business functionality. Give your organization an extra layer of security by enabling your employees to recognize social engineering attacks.
Imagineering is a proud KnowBe4 partner. KnowBe4 provides a great solution for learning the ins and outs of spotting fake and suspicious emails. With a large library of content to train your users, KnowBe4 allows you to send out simulated phishing emails to your organization and see who the happy clickers are that may need more training.
Contact us today to set up end-user training for your team!
Mobile Device Management (MDM) is just the beginning of your journey toward a comprehensive mobile strategy. To fully harness the power of mobility and drive business success, organizations can explore related solutions that complement MDM and enhance mobile operations.
In recent years, mobile devices have become indispensable in enterprise settings, serving as essential tools for productivity and efficiency. However, the ubiquity of mobile devices also poses security challenges, as they can threaten sensitive business data if lost, stolen, or compromised. This is where MDM steps in, empowering IT and security leaders to provision, manage, and secure mobile devices within their corporate environments, ensuring data security and compliance.
As the number of cyber attacks continue to rise, new security regulations are in the making. These regulations heighten the need for organizations to review their current IT environment and ensure compliance. Organizations can take the right steps to mitigate the risks and ensure industry compliance by learning about these areas of concern.