In our remote-first world, tech tools have gained greater prominence since they allow people to collaborate without face-to-face interactions. Tech platforms like DocuSign. are convenient since they allow users to electronically sign documents and agreements in a secure and legally binding way.
Unfortunately, there has been a concurrent rise in the number of phishing attacks targeting well-known tech companies and enterprise organisations. Phishing scammers love to target famous brands because users are familiar with them and trust them.
Here at Velocity, one of our clients recently shared how they were the target of a DocuSign phishing scam. The eagle-eyed client knew the emails were dodgy straight away due to glaring spelling mistakes – particularly in the instruction to review and sign the e-document.
“The instructions were misspelt and our client was asked to ‘reveiw and sign’ the e-document. Spelling mistakes and poor grammar are just some of the tell-tale signs that emails supposedly coming from legitimate sources actually originate from phishing scammers,” warns Stuart Sanders, Chief Technology Officer at Velocity.
According to Stuart, other tell-tale signs of a phishing email include an unfamiliar tone or greeting. “Phishing emails sometimes contain generic greetings where there should have been a personalised one (for example: ‘Dear recipient’ instead of ‘Dear Larry’). Some scammers try to avoid raising suspicions by becoming too familiar.”
“If the language or tone of the email is uncharacteristic of the sender, like a colleague suddenly becoming overfamiliar, that could be a red flag that the email originates from a scammer,” Stuart said.
DocuSign has released a white paper that outlines some of the techniques users can implement to distinguish between spoof DocuSign emails and the real thing:
- Avoid opening unknown or suspicious attachments. DocuSign will never attach PDFs, office documents, or zip files to emails.
- Aside from poor spelling and grammar, pay attention to a sense of urgency or demand (act-now-or-face-the-consequences emails).
- Enable multi-factor authentication (MFA) whenever possible.
- Use strong, unique passwords. Avoid using duplicate passwords for multiple websites.
- Hover over embedded links. URLs to view or sign documents from DocuSign contain “docusign.net” and always start with “https”.
- Access your documents directly from the DocuSign website by entering the unique security code found at the bottom of every DocuSign email.
- Ensure that your anti-virus software is up to date and that all patches have been installed.
- Contact the sender offline to verify the email’s authenticity.
“If the email still seems dodgy, make sure to report all suspicious DocuSign emails to your internal IT team. You should also let DocuSign know by report their security concerns to their security team,” Stuart said.
Deter Cyber Attacks with Velocity’s Security Awareness Training
Cyberattacks are only growing more sophisticated, with many cybercriminals using AI tools to target businesses and individuals. Cybercrime has become a multi-trillion dollar industry, and international syndicates are rising like a phoenix from the ashes even after repeated takedowns by law enforcement.
Businesses, as well as their employees and stakeholders, need specialised training to be able to spot and counter sophisticated cyberattacks. Here at Velocity, our clients receive comprehensive and highly customised Security Awareness Training.
Participants will be taught how to spot malicious emails and websites. Our training includes concise, in-person briefings; online video training; and ongoing simulated attack emails. You’ll also get detailed reporting on each participant’s progress.
To learn more about our Security Awareness Training – as well as our other Managed Cybersecurity Services and Solutions – contact us for a free consultation.
