informa
/
/
Announcements
Event
Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface | Dark Reading Virtual Event | <REGISTER NOW>
PreviousNext
Attacks/Breaches
Quick Hits

DocuSign Phishing Campaign Uses COVID-19 as Bait

The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.
Dark Reading Staff
Dark Reading
May 08, 2020

DocuSign users on Office 365 are the target of a new phishing campaign that features COVID-19 as a lure to convince them to offer up their credentials in return for pandemic information.

According to researchers at Abnormal Security, 50,000 to 60,000 DocuSign users have received the phishing email, which purports to be an automated message from DocuSign carrying a link to a COVID-related document. The malicious link to the document employs a three-level redirect to obfuscate the actual destination — a page that looks like a DocuSign login page. Once visitors are there, the attacker steals any entered credentials.

The campaign uses a combination of trust in DocuSign, increased use of the service because of the rise of working from home, and obfuscated URLs to create a malicious message that has the potential to be very effective.

For more, read here.

VIRTUALSUMMIT_DR20_320x50.jpg
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register

Recommended Reading:
Editors' Choice
7 Ways to Lock Down Enterprise Printers
Steve Zurier, Contributing Writer
What Squid Game Teaches Us About Cybersecurity
Orion Cassetto, Senior Director of Product Marketing at Cycode
'TodayZoo' Phishing Kit Cobbled Together From Other Malware
Robert Lemos, Contributing Writer
From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
Jon Hencinski, Director of Threat Detection & Response, Expel.io