The latest DocuSign threat information from KnowBe4, who we partner with to provide education and updates…
Forget WannaCry. It’s time to prepare for the next threat…
Hackers have stolen the customer email database of DocuSign, the company that lets businesses sign documents electronically. These criminals are now sending phishing emails that look exactly like the real ones. However, they try to trick you into opening an attached Word file and clicking to enable editing.
If you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any email. Remember: Think Before You Click.
Think Before You Click On Random Google Doc Invitation Links!
A very convincing Google Docs phishing scam raced through the internet last week. The scam spread almost as fast as a real computer worm, but it was driven by social engineering instead. It appears that a million people fell for it in less than an hour. It was so effective that even if you didn’t receive this email, you probably know someone who did.
The email appeared to come from someone you know sharing a Google Doc with you. If you clicked the link in the message, it would have asked you for access permissions to your Gmail account, which genuine Google Docs links would not need.
If you had agreed to give permissions, it would have allowed a malicious third-party web app named “Google Docs” to access your email and address book. It would have spammed everyone in your contacts with the same link to that bogus Google Docs file. Your contacts, in turn, would email everyone in their contacts, and so on, like a human-powered computer worm. All of the emails included the same recipient email address of @mailinator.com. The actual recipient was blind carbon copied (BCC’ed) on it.
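The addressing pattern described above (a visible recipient at mailinator.com while the real recipient is only BCC'ed) can be checked mechanically. The following is an added example, not part of the original article: the function names, flag labels and sample messages are constructed for illustration, and it assumes the mail gateway supplies the mailbox that actually received the message.

```python
from email import message_from_string
from email.utils import getaddresses

DECOY_DOMAIN = "mailinator.com"  # domain named in the article

def visible_recipients(msg):
    """Return the lower-cased addresses shown in the To and Cc headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if "@" in addr}

def in_decoy_domain(addr):
    """True for the decoy domain itself or any subdomain of it."""
    domain = addr.rpartition("@")[2]
    return domain == DECOY_DOMAIN or domain.endswith("." + DECOY_DOMAIN)

def red_flags(raw_message, delivered_to):
    """List the addressing red flags for one message.

    delivered_to is the mailbox that actually received the message
    (assumption: taken from the SMTP envelope by the mail gateway).
    """
    seen = visible_recipients(message_from_string(raw_message))
    flags = []
    if delivered_to.lower() not in seen:
        flags.append("recipient-only-bcc")   # real recipient is hidden
    if any(in_decoy_domain(a) for a in seen):
        flags.append("to-decoy-domain")      # visible recipient is the decoy
    return flags

def matches_worm_pattern(raw_message, delivered_to):
    """True only when both traits from the article occur together."""
    return len(red_flags(raw_message, delivered_to)) == 2

# Constructed sample messages (not real mail; the local part is a placeholder).
SUSPECT = (
    "From: Alice Example <alice@example.com>\n"
    "To: Placeholder <placeholder@mailinator.com>\n"
    "Subject: (constructed sample)\n\nOpen in Docs\n"
)
LEGIT = (
    "From: Alice Example <alice@example.com>\n"
    "To: Bob Example <Bob@Example.org>\n"
    "Subject: (constructed sample)\n\nSee attached notes.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, red_flags(raw, "bob@example.org"))
```

A BCC-only delivery on its own is common for newsletters and mailing lists, so the check treats it as one flag and only reports a match when the decoy recipient is present as well.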
Below is an example of what the email looked like:
A person who is watching out for red flags in emails would have decided that this email was unexpected and suspicious. Were you expecting a Google Doc invitation from this person? Provided you were expecting something, is the name of the shared file relevant to what you were expecting? If not, hit that delete button, or report the message to your IT team.
If you’re unsure about whether it is safe or not, contact the person who sent it through a different method (other than email) to ensure it is legitimate. Be vigilant and keep yourself and your organization safe. Always Think Before You Click!