3 min read

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Alina BÎZGĂ

July 02, 2021

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

According to Bitdefender Antispam Lab researchers, cyber thieves are actively targeting DocuSign and Sharepoint users in phishing attacks designed to mimic legitimate correspondence from the two web-based platforms.

Microsoft credentials up for grabs with fake Sharepoint emails

The phishing attack spotted on June 24 appears to have originated from the United States. 33% of the fake emails reached users in the US, 26% in Ireland, 14% in Korea, 12% in Sweden, 5% in Denmark, and 1% in Finland, UK and India.

The scam email, disguised as an automated Microsoft SharePoint, does not seek to infect recipients with malware. The scammers are looking to steal login credentials from their targets—most of the emails use COVID-19 as a ruse to dupe recipients into accessing a bogus document.

For example, the email below asks to review a “Covid 19 relief fund as approved by the board of directors.”

The emails are not directed to any specific employee within the targeted organization. Users who try to access the document will be directed to a landing page mimicking an Outlook login page.

Those who fall for the bait are giving the attackers their legitimate Microsoft credentials, allowing them to commit further crimes, including spreading spear-phishing emails, impersonating employees and stealing sensitive data.

DocuSign brand continues to be exploited during COVID

The DocuSign phishing campaign intercepted by our researchers closely resembles a legitimate email that a user might receive from the company. The perps sent out thousands of emails, most of them originating from IP addresses in Germany and Russia. A rather large number of hits targeted Portuguese and United States users. The message use the brands’ logo, content and footer to dupe recipients into believing the email is real.

The recipient is asked to click a link to review and sign a document. The link directs the user to a bogus webpage that mimics DocuSign, and the user is prompted to sign in to their Adobe account to view the document.

If you’re one of the unfortunate users who clicked on the link and provided your credentials, change the password immediately and take proactive measures. You should also report the fraudulent email and website via the dedicated channel spam@docusign.com and spread the word to friends, family and co-workers.

Signing documents online from anywhere in the world does save time and effort, especially during the pandemic and social-distancing efforts. However, it’s essential for users to remain vigilant and double-check the correspondence before downloading an attachment or providing login credentials, giving cybercriminals the upper hand and freedom to access sensitive information.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

NoMoreRansom Celebrates 5 Years Fighting Crime, 6 Million Infections Restored NoMoreRansom Celebrates 5 Years Fighting Crime, 6 Million Infections Restored
Bogdan BOTEZATU

July 26, 2021

1 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
Alina BÎZGĂ

July 02, 2021

3 min read
Cyber Crooks Hunt for Indeed Job Seekers’ Account Credentials in Latest Phishing Campaign Cyber Crooks Hunt for Indeed Job Seekers’ Account Credentials in Latest Phishing Campaign
Alina BÎZGĂ

June 29, 2021

2 min read