[CyberSecurity] Scam of the Week: Massive DocuSign Phishing Attacks

[OneNet Security]

All,

DocuSign has admitted they were the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information.

They discovered the data breach when on May 9, 15, and 17 DocuSign, customers were being targeted with phishing campaigns.

"Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing. Here are some of the subject lines:

Completed: [domain name] - "Wire transfer for recipient-name Document Ready for Signature"
Completed [domain name/email address] - "Accounting Invoice [Number] Document Ready for Signature"
Subject: "Legal acknowledgement for [recipient username] Document is Ready for Signature"

It is recommended that you filter or delete any emails with these specific subject lines.

The campaigns all have Word docs as attachments, and use social engineering<https://www.knowbe4.com/what-is-social-engineering/> to trick users into activating Word's macro feature which will download and install malware on the user's workstation.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click."

Let's stay safe out there.


Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary at osrhe.edu<mailto:bmccrary at osrhe.edu>

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt from disclosure under applicable law, including, but not limited to, the Privacy Act of 1974.  If you are not the intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify the sender and immediately, delete this communication from your system.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.onenet.net/pipermail/cybersecurity/attachments/20170522/55ae0a73/attachment.html>