3 min read

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Alina BÎZGĂ

July 02, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

According to Bitdefender Antispam Lab researchers, cyber thieves are actively targeting DocuSign and Sharepoint users in phishing attacks designed to mimic legitimate correspondence from the two web-based platforms.

Microsoft credentials up for grabs with fake Sharepoint emails

The phishing attack spotted on June 24 appears to have originated from the United States. 33% of the fake emails reached users in the US, 26% in Ireland, 14% in Korea, 12% in Sweden, 5% in Denmark, and 1% in Finland, UK and India.

The scam email, disguised as an automated Microsoft SharePoint, does not seek to infect recipients with malware. The scammers are looking to steal login credentials from their targets—most of the emails use COVID-19 as a ruse to dupe recipients into accessing a bogus document.

For example, the email below asks to review a “Covid 19 relief fund as approved by the board of directors.”

The emails are not directed to any specific employee within the targeted organization. Users who try to access the document will be directed to a landing page mimicking an Outlook login page.

Those who fall for the bait are giving the attackers their legitimate Microsoft credentials, allowing them to commit further crimes, including spreading spear-phishing emails, impersonating employees and stealing sensitive data.

DocuSign brand continues to be exploited during COVID

The DocuSign phishing campaign intercepted by our researchers closely resembles a legitimate email that a user might receive from the company. The perps sent out thousands of emails, most of them originating from IP addresses in Germany and Russia. A rather large number of hits targeted Portuguese and United States users. The message use the brands’ logo, content and footer to dupe recipients into believing the email is real.

The recipient is asked to click a link to review and sign a document. The link directs the user to a bogus webpage that mimics DocuSign, and the user is prompted to sign in to their Adobe account to view the document.

If you’re one of the unfortunate users who clicked on the link and provided your credentials, change the password immediately and take proactive measures. You should also report the fraudulent email and website via the dedicated channel spam@docusign.com and spread the word to friends, family and co-workers.

Signing documents online from anywhere in the world does save time and effort, especially during the pandemic and social-distancing efforts. However, it’s essential for users to remain vigilant and double-check the correspondence before downloading an attachment or providing login credentials, giving cybercriminals the upper hand and freedom to access sensitive information.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns
Alina BÎZGĂ

November 23, 2022

3 min read
Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab Crypto Users Beware: Scammers impersonate Binance in QR code phishing email scam spotted by Bitdefender Antispam Lab
Alina BÎZGĂ

November 18, 2022

3 min read
Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials Cybercrooks Leverage Death of Queen Elizabeth II to Steal Users’ Microsoft Credentials
Alina BÎZGĂ

September 15, 2022

2 min read