IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers fake DocuSign and offer fraudulent signing methods

Criminals impersonate the e-signing company to steal credentials

Security researchers have revealed criminals’ new tactics to impersonate major brands to steal and harvest victims’ credentials.

Researchers at Avanan, a Check Point company, said hackers impersonate major brands to perform phishing attempts. One frequently seen attempt mimics legit communications from DocuSign.

When DocuSign sends an email, it offers recipients an “Alternative Signing Method.” DocuSign prompts the recipient to visit https://www.docusign.com and enter a security code the company generates. This site then offers users more than one option to access and electronically sign their documents.

In a recent campaign researchers are following, hackers send an email that impersonates DocuSign from a docusign.net address that appears to be on behalf of an administrator. In this email, the attackers request the user view and sign a document and offer an alternative signing method. 

The link to the alternative method leads users to a fake website where they must enter their password. Hackers then steal the email address and password as part of a credential harvesting campaign.

Researchers revealed other commonly impersonated brands, which tend to be trusted and popular ones. The top three most impersonated brands are Microsoft, which is related to 45% of all brand phishing attempts globally, DHL (26%), and Amazon (11%).

Related Resource

The state of brand protection 2021

A new front opens up in the war for brand safety

A log-in screen with a red background - whitepaper from MimecastFree download

Other research carried out by the company found that 51.9% of all impersonation emails attempted to impersonate a non-executive in the organization. Non-executives are targeted 77% more often than other members of an organization.

“There are a few reasons behind this. One, security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. Two, non-executives still hold sensitive information and have access to financial data. There is no need to go all the way up the food chain,” said Jeremy Fuchs, content manager at Avanan.

Fraudulent digital signature use has led some companies to increase security surrounding e-signatures. For example, ESign Genie announced its digital signature platform would support knowledge-based authentication by adding an extra layer of security through authenticating document recipients’ identities before issuing viewing or editing rights. Esign Genie’s feature improves the security of sensitive, private, or protected documents by mandating a Social Security number.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022