3 min read

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Alina BÎZGĂ

July 02, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

According to Bitdefender Antispam Lab researchers, cyber thieves are actively targeting DocuSign and Sharepoint users in phishing attacks designed to mimic legitimate correspondence from the two web-based platforms.

Microsoft credentials up for grabs with fake Sharepoint emails

The phishing attack spotted on June 24 appears to have originated from the United States. 33% of the fake emails reached users in the US, 26% in Ireland, 14% in Korea, 12% in Sweden, 5% in Denmark, and 1% in Finland, UK and India.

The scam email, disguised as an automated Microsoft SharePoint, does not seek to infect recipients with malware. The scammers are looking to steal login credentials from their targets—most of the emails use COVID-19 as a ruse to dupe recipients into accessing a bogus document.

For example, the email below asks to review a “Covid 19 relief fund as approved by the board of directors.”

The emails are not directed to any specific employee within the targeted organization. Users who try to access the document will be directed to a landing page mimicking an Outlook login page.

Those who fall for the bait are giving the attackers their legitimate Microsoft credentials, allowing them to commit further crimes, including spreading spear-phishing emails, impersonating employees and stealing sensitive data.

DocuSign brand continues to be exploited during COVID

The DocuSign phishing campaign intercepted by our researchers closely resembles a legitimate email that a user might receive from the company. The perps sent out thousands of emails, most of them originating from IP addresses in Germany and Russia. A rather large number of hits targeted Portuguese and United States users. The message use the brands’ logo, content and footer to dupe recipients into believing the email is real.

The recipient is asked to click a link to review and sign a document. The link directs the user to a bogus webpage that mimics DocuSign, and the user is prompted to sign in to their Adobe account to view the document.

If you’re one of the unfortunate users who clicked on the link and provided your credentials, change the password immediately and take proactive measures. You should also report the fraudulent email and website via the dedicated channel spam@docusign.com and spread the word to friends, family and co-workers.

Signing documents online from anywhere in the world does save time and effort, especially during the pandemic and social-distancing efforts. However, it’s essential for users to remain vigilant and double-check the correspondence before downloading an attachment or providing login credentials, giving cybercriminals the upper hand and freedom to access sensitive information.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Celebrating Six Years of Partnership Fighting Ransomware Celebrating Six Years of Partnership Fighting Ransomware
Bogdan BOTEZATU

July 26, 2022

2 min read
Spammers advertise dating platforms to meet Ukrainian women amid crisis Spammers advertise dating platforms to meet Ukrainian women amid crisis
Alina BÎZGĂ

June 28, 2022

4 min read
Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays
Alina BÎZGĂ

June 09, 2022

4 min read