Over 500 employees at one company were recently sent the same DocuSign phishing email, complete with a convincing request to review a completely fictional contract. Phishing attacks grew by 28% last year. Here’s what to look for with this particular attack, and how to protect your own business from similar scams.
DocuSigning Away Your Data
The report from email software company Armorblox comes with a subject line claiming, “Hannah McDonald shared a ‘Revised Contract’ with you.” Once opened, the viewer sees a short message saying, “Please review the below and get back to me,” along with a document link. The link leads to an impressive fake DocuSign preview page, hosted on the Axure prototyping software. Impersonating DocuSign specifically is a smart way to scam someone, as the brand is so well-known that the victim will be more likely to trust it and even less likely to risk holding up the contract.
How to Stay Safe
The rise of remote work comes with some very specific risks — like electronic signatures. Just like physical documents, everyone needs to be careful what they sign. But unlike a physical document, a phisher can mass-email a fake document out with a single click and have hundreds of different chances at luring in a victim. Here are the best practices that can help you avoid this type of scam:
Use multi-factor authentication — this is one of the easiest and best ways to catch scammersUse a password management tool — we’ve ranked all the top business options hereCheck all details for similarity to previous emails — everything from the address to font size and spelling errors can give away a scammerVerify with others — this phishing attack will always ask you to review or approve a document you don’t expect to receive, so whenever this happens, doublecheck with a coworker if possible
The biggest tip of all? Don’t let your guard down even if you follow all this advice. Phishing attacks always work best on anyone who’s complacent, and we all let our guards down more often than we think.
