Do you use DocuSign? A new email attack has surfaced where hackers are reeling people in with phishing emails that claim to be from DocuSign.
What is DocuSign
DocuSign makes it simple to sign and securely auto-send important documents. It uses eSignature to keep modern operations moving forward from virtually anywhere, anytime. Organizations of all sizes have made the transition to electronically do business in this ever-changing world.
Watch Your Inbox
The phishing email appears to originate from DocuSign and includes a link and HTML attachment. As the receiver, you are requested to review and sign the document claiming to be “remittance advice.”
If the “View Completed Document” button is clicked, it leads end users to a clean, legitimate webpage.
However, if the attachment is opened, the blank image attack will begin.
Easily Reeled In
Hackers can target practically anyone with this specific technique. By concealing the malware within an empty image attachment, the true intent of the message is easily hidden. With a legitimate link included in the email body, it bypasses link analysis and security scanners. This increases the chances of the attacker reeling you in.
You should always think before you click on any links or attachments. Take extra caution around emails containing HTML attachments. These attachments could be ready and built to deliver malware to your devices.
How To Protect Your Team
HTML attachments aren’t new. What is new is the use of empty images redirecting to malicious materials. It is important to train your employees to stay alert and be aware of all the different types of phishing attacks that are out there.
As cybercriminals continue to come up with new ways to trick users into taking action, it is critical that you educate yourself and your team. End-user phishing training is essential to secure business functionality. Give your organization an extra layer of security by enabling your employees to recognize social engineering attacks.
Next Steps
Imagineering is a proud KnowBe4 partner. KnowBe4 provides a great solution for learning the ins and outs of spotting fake and suspicious emails. With a large library of content to train your users, KnowBe4 allows you to send out simulated phishing emails to your organization and see who the happy clickers are that may need more training.
Contact us today to set up end-user training for your team!
Cybersecurity in Remote Work: Essential Best Practices to Safeguard Your Data
While working from the comfort of your home or a café can be a luxury, it comes with its own set of security challenges that need diligent management. Here are the best practices for maintaining cybersecurity while working remotely
AI in the Workplace: 12 Ways AI Can Transform Your Office Environment
For businesses ready to embrace these changes, AI offers a pathway to a more efficient, productive, and innovative future.
Strengthen Your Cybersecurity with These Essential Security Basics
Effective cybersecurity starts with the basics.