Tuesday, June 25, 2024

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost attack method. 

Phishing attacks can be easily scaled to target a large number of individuals, increasing the likelihood of success.

Recently, cybersecurity analysts at Abnormal Security discovered that hackers are actively exploiting DocuSign with customizable phishing templates to steal credentials.

Hackers Exploiting Docusign

DocuSign phishing emails targeting customers have spiked, and this mirrors templates found on Russian cybercrime forums. 

These carefully designed fraudulent emails pretend to be legitimate document signing requests from DocuSign but they take advantage of the fact that DocuSign is widely used and trusted. 

Docusign phishing email (Source – Abnormal Security)

Dark web anonymity enables threat actors to trade and tailor DocuSign templates for large-scale phishing, identity theft, and financial fraud. 

Investigations show that there are many marketplaces where these templates are sold while others offer customization services with a promise of exclusivity.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

The growing number of such templates is indicative of digital fraud techniques that organizations need to be aware of in order to manage them.

For instance, before launching phishing campaigns, threat actors either buy templates from reputable sellers on crime forums or get them directly from the targeted service like DocuSign.

Buying templates is easy but requires good replication besides ensuring that they are exclusive. 

Directly downloading templates can be time-consuming and risky as it may involve manual replication and reveal the identity of a criminal. Many people do not have the technical skills to create realistic-looking templates. 

Phishing products (Source – Abnormal Security)

Running several concurrent campaigns targeting various vendors means one does not have to spend much time creating the resource-intensive templates for every campaign, so, purchasing readymade ones saves time. 

Cybercrime groups tend to streamline their operations in order to maximize their profits by sourcing out large quantities of pre-made templates or outsourcing their creation from third parties.

Some threat actors make money by stealing DocuSign passwords through phishing and then use them to carry out BEC and corporate espionage. 

For example, they can go over the files and find payment information, hack into a company’s account, and request money from partners pretending to be the company. 

Also, they likewise vend critical files such as strategic plans of merging, financials, and lists of customers to outsiders or enter blackmail by using it as bait. 

With this work, these individuals generate huge illegal gains while victim organizations experience economic losses and loss of public image.


Here below we have mentioned all the recommendations:-

  • Check the sender’s email address
  • Watch out for impersonal greetings
  • Verify the security code format
  • Inspect links before clicking
  • Use Docusign’s secure document access

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers


Latest articles

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS Servers often host critical web applications and services that provide a gateway...

WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with...

Four Members of FIN9 Hackers Charged for Attacking U.S. Companies

Four Vietnamese nationals have been charged for their involvement in a series of computer...

BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack

In a shocking development, the NHS has revealed that it was the victim of...

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles