DocuSign Phishing Scam Targets Law Firms

This morning, I received an email from a client requesting that I review an email they received to confirm its legitimacy. The email came from a contact they knew at another law firm, and included the following information:

  • Subject line: "Completed: DocuSign Files"

  • Text in the body: "[Name of Sender] used Drop box to Share some document files with you.Click review document to access the document according."

  • Actual email signature of that user

Even I can admit that this is a pretty good forgery. When warning about suspicious emails, we typically tell people to avoid opening links or attachments from unknown senders. If something comes from someone you do know, look for indicators, such as a lack of a subject line, lack of body text, and lack of an email signature.

This email did come from someone known to the firm. It had a properly capitalized subject line, body text that included the user's name (making it look like an email generated by DocuSign), and even the sender's proper email signature.

The giveaway? Two things. First, the grammar of the text in the body: "Click review document to access the document according." Close to making sense, but not close enough. Second, the link. If you move the mouse over any link in an email in Outlook, a little bubble will pop up showing you where that link will take you. In this case, it was If it were a DocuSign link, when moused over, it would take you to a link starting with Notice the https instead of the http. All DocuSign links are encrypted and will start with https.
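The hover check described above can be run over the HTML body of a message instead of by hand. This is an added example, not part of the original post, and it goes one step beyond the https check by also comparing each link's host against an allowlist. The allowlist (docusign.com, docusign.net), the function names and the sample links are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader expects genuine DocuSign links to use.
# Confirm this list against DocuSign's own guidance before relying on it.
EXPECTED_DOMAINS = ("docusign.com", "docusign.net")


class LinkCollector(HTMLParser):
    """Collect the href of every <a> element, i.e. what the hover bubble shows."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def check_links(html_body, expected=EXPECTED_DOMAINS):
    """Return (href, reasons) for each link that fails the hover checks."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        reasons = []
        if url.scheme.lower() != "https":
            reasons.append("not https")
        # Exact match or a true subdomain; a look-alike such as
        # "docusign.com.example.test" must not pass a substring test.
        if not any(host == d or host.endswith("." + d) for d in expected):
            reasons.append("unexpected host")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample body; these hosts are placeholders, not taken from the email.
SAMPLE = (
    '<a href="http://files.example.test/review">REVIEW DOCUMENT</a>'
    '<a href="https://docusign.com.example.test/sign">REVIEW DOCUMENT</a>'
    '<a href="https://na2.docusign.net/Signing/placeholder">REVIEW DOCUMENT</a>'
)

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE):
        print(href, "->", ", ".join(reasons))
```

A link that passes both checks is only consistent with the expected sender; it does not prove the message is legitimate.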

DocuSign has a full write-up on what to look for in a legitimate email here.

If you're looking for help with cyber-security and mitigating the risks associated with forged or malicious email, we can help! Contact Electro-America today!

