Kemper Security Tips: New Social Engineering Phish Using DocuSign
Please be on the lookout for this dangerous new email that's going around. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit by using the DocuSign infrastructure. It's a prime example of an info grabbing phish that does not use a malicious payload.
Look Mom, No Malware!
Clicking on the yellow "Review Document" button gets you to—again an entirely legit—DocuSign page, which requires you to fill out the form as per the normal process. Here it is broken up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.
Continuing to fill out the form allows the bad guy to completely steal the identity of the victim—and the company identity— especially if they are gullible enough to add the "past three most recent bank statements". Circled.
If someone in accounting would fall for this attack, the damage could be extensive to a point of bankruptcy for a small business that gets hit hard with the potential repercussions.
Identify those high-risk employees and step them through new-school security awareness training!
We strongly suggest you get a quote for new-school security awareness training and find out how affordable this is for your organization. You simply have got to start training and phishing your users ASAP, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised: