DocuSign scam targeted more than 10,000 inboxes: report

Scammers used a malicious DocuSign document in a campaign that tried to steal credentials belonging to more than 10,000 people across several organizations. Researchers at cybersecurity company Armorblox said the brand impersonation campaign targeted Microsoft Office 365 email accounts and managed to bypass other security tools. The subject of the emails was "Please DocuSign: Approve Document 2023-01-11" in an attempt to make victims think the email was urgent and needed to be opened as soon as possible. The researchers noted that DocuSign attacks are particularly successful for scammers because people are used to getting these kinds of emails before and after signing documents through the platform. "The language used within the body of the email continues to impersonate the well-known brand DocuSign," the researchers said. "Through the inclusion of statements around alternate shipping methods, a blurb about the company DocuSign, and even a disclaimer to not share this email with anybody else, unsuspecting victims who fell for the attackers' manipulating tactics and opened the email would have been presented with additional language and information aimed to establish trust in the victims and encourage he or she to click on the main link that reads: VIEW COMPLETED DOCUMENT.". The goal of the email was to get users to click on the button, which would take them to a fake landing page that impersonated cybersecurity firm Proofpoint. The page had Proofpoint branding and a PDF icon urging the person to clock on the document in order to view it. The landing page had several hallmarks of legitimacy, including a fake checkmark resembling verification from cybersecurity company Symantec and even the inclusion of the person's email address. The goal was to get people to enter their credentials for Proofpoint. Armorblox did not say if any of the emails were successful, but the campaign builds on a longstanding trend of hackers using platforms like DocuSign to manipulate people into handing over valuable credentials. A report from cybersecurity firm Check Point last week found that DocuSign was one of the most used brands in phishing attacks in Q4 alongside Microsoft, Zoom, LinkedIn and Amazon. "There's a good chance that most recipients have had professional or personal interaction with those services. Although PDF and HTML attachments were very common, the top phishing vector was still a rogue URL link in an email," said KnowBe4's Roger Grimes. "Users need to always hover over any links embedded in any email and examine it for legitimacy before clicking on it. Fake HR, human resource, requests were also a top clicked simulated phishing topic, accounting for nearly a third of all clicked phishing tests." Researchers also revealed another email campaign last week that starts with what appears to be a document from DocuSign. The hackers used the email to hide a malicious URL inside an empty image, allowing them to bypass traditional scanning services. Proofpoint uncovered a DocuSign-branded email campaign that sought to spread a new malware loader called Bumblebee used by multiple crimeware threat actors. That campaign similarly involved a "REVIEW THE DOCUMENT" hyperlink in the body of the email.

This Cyber News was published on therecord.media. Publication date: Wed, 01 Feb 2023 17:12:03 +0000


Cyber News related to DocuSign scam targeted more than 10,000 inboxes: report

Hackers Use Fake DocuSign Templates to Scam Organizations - A surge in phishing attacks that use emails appearing to be from DocuSign is being fueled by a Russian dark web marketplace that has a wide range of take templates and login credentials. Eventually, the search led them to the Russian marketplace, ...
4 months ago Securityboulevard.com
DocuSign scam targeted more than 10,000 inboxes: report - Scammers used a malicious DocuSign document in a campaign that tried to steal credentials belonging to more than 10,000 people across several organizations. Researchers at cybersecurity company Armorblox said the brand impersonation campaign targeted ...
1 year ago Therecord.media
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies - Phishing emails mimicking DocuSign are rising, thanks to a thriving underground marketplace for fake templates and login credentials. Over the past month, researchers from Abnormal Security claim to have tracked a significant increase in phishing ...
4 months ago Darkreading.com
CVE-2019-5303 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
10 months ago
CVE-2019-5302 - There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing ...
10 months ago
Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam - Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources. Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites ...
8 months ago Blog.checkpoint.com
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
9 months ago Nytimes.com
New Phishing Scam Hooks META Businesses with Trademark Threats - The phishing scam falsely asserts that the victim's Facebook page will be permanently deleted due to a post allegedly infringing on trademark rights. There is no actual infringement; it's all part of the scammer's malicious plan. In a recent wave of ...
8 months ago Hackread.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
10 months ago Bleepingcomputer.com
Massive utility scam campaign spreads via online ads - When customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they ...
7 months ago Malwarebytes.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
Is that survey real or fake? How to spot a survey scam - Online surveys and quizzes are all over the internet. They're quick and cheap to set up, easy for recipients to fill out, and simple for researchers to interpret. It's no wonder that they remain a popular tool for marketers to reach and research ...
1 year ago Welivesecurity.com
Cyber Crime Wave: Chinese Scammers Target Europe with Fake Designer Brands - In the last couple of weeks, there has been an increase in the number of people who have been duped into sharing their card details and other personal information with a network of fake online designer shops that are operated from China, which appear ...
4 months ago Cysecurity.news
Google Cloud Report Spotlights 2024 Cybersecurity Challenges - As the New Year dawns, a cybersecurity report from Google Cloud suggests that while there are many challenges ahead, it will also become simpler for cybersecurity teams to leverage artificial intelligence to better defend IT environments. John ...
9 months ago Securityboulevard.com
Ransomware Attacks Strike South Africa, Decline in UAE - Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions. ...
10 months ago Darkreading.com
Indian police arrest five accused of trafficking people into scam compounds - On May 27, the National Investigation Agency said it had searched locations across six states and seized evidence like digital devices and bogus employment letters. Southeast Asia's cyber fraud industry, which is run primarily by Chinese organized ...
4 months ago Therecord.media
Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
10 months ago Infosecurity-magazine.com
Ethereum feature abused to steal $60 million from 99K victims - Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. This is reported by ...
10 months ago Bleepingcomputer.com
CVE-2021-20698 - Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
CVE-2021-20699 - Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
What's new in the MSRC Report Abuse Portal and API - The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report ...
3 months ago Msrc.microsoft.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
10 months ago Bleepingcomputer.com
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
9 months ago Darkreading.com
Netskope Report Surfaces Raft of Cybersecurity Challenges - A report published by Netskope today revealed that, on average, 29 out of every 10,000 enterprise users clicked on a phishing link each month in 2023. Based on anonymized usage data collected by the Netskope Security Cloud platform, the report also ...
9 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)