DocuSign Email Scam: How to Identify it and Protect Your Business
The DocuSign email scam is causing a lot of problems out there for businesses. Here's how to identify it and take steps to safeguard your business.
As a small business owner, it is crucial that you stay on top of all scams that could potentially target your business. While we are focusing on many of these types of specific scams in a series from the Federal Trade Commission, we wanted to draw your attention today to a phishing email scam that is on the rise.
With this particular scam, hackers pose as someone you know. You receive an email that appears to come from a trusted source when in fact it comes from the hacker. You are asked to review documents through a link, and the sign-in page behind that link captures your email address and password so the scammers can break into your account.
How does this scam play out?
The following five steps outline the usual progression a hacker will most likely follow in regard to this type of scam:
Step No. 1: You and/or members of your organization receive an email from a trusted source—someone you have previously done business with or corresponded with. The email states you have received documents that need to be signed or reviewed, or something similar. The subject line or the body of the email will reference DocuSign or some other document storage application.
Step No. 2: You are asked to click on a link in order to sign in and open the documents.
Step No. 3: The link opens another page and you are asked to sign in with your Microsoft account information or your email address and password.
Step No. 4: If you click on the link and sign in, your email address and password are immediately sent to the hacker.
Step No. 5: Once they have your email address and password, they will be able to log into your email account or spoof your email and send/receive email as if they were you. Recipients will see the incoming email coming from your address. Or, the hacker can set up your email account in their local Outlook program on their computer and send/receive email as if they were you.
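The lure in steps 1 through 4 has a consistent shape: a familiar-looking sender, a subject or body that name-drops DocuSign, and a link that leads to a sign-in page on a host that has nothing to do with either the sender or DocuSign. The following is an added example, not code from the original article or from TeamLogic IT, that parses a raw email with Python's standard library and flags those tell-tale mismatches. The sample message is constructed for this example, and the allowlist of legitimate DocuSign link domains is an assumption you should replace with the domains you actually expect.

```python
"""Triage a suspicious "documents to sign" email for the lure pattern above.

Added example, not part of the original article. Uses only the standard
library. The sample message is constructed; EXPECTED_HOSTS is an assumed
allowlist, not a statement about DocuSign's infrastructure.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: domains a genuine DocuSign notification is expected to link to.
EXPECTED_HOSTS = {"docusign.com", "docusign.net"}

# Matches a sign-in style path segment or query key ("login", "sign-in") but not "signing".
SIGNIN_RE = re.compile(r"\b(log[-_]?in|sign[-_]?in)\b")
# Pulls href targets out of an HTML body; good enough for triage, not a full HTML parser.
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

# Constructed sample: name-drops DocuSign, but the link goes to an unrelated host.
SAMPLE_EMAIL = """\
From: Jane Partner <jane@trusted-partner.example>
Return-Path: <bounce@mail-relay.example.net>
To: owner@smallbiz.example
Subject: DocuSign: Please review and sign your documents
Content-Type: text/html; charset=utf-8

<html><body>
<p>You have received a document to review and sign.</p>
<p><a href="http://docs-verify.example.net/login?u=owner">Review Document</a></p>
</body></html>
"""


def registrable_domain(host):
    """Crude last-two-labels domain (no public-suffix list); fine for an allowlist check."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage_email(raw):
    """Return a list of human-readable findings; an empty list means nothing stood out."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Envelope sender vs. visible sender: a mismatch is not proof, but it is worth a look.
    _, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.partition("@")[2].lower()
    rp_domain = return_path.partition("@")[2].lower()
    if rp_domain and registrable_domain(rp_domain) != registrable_domain(from_domain):
        findings.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")

    # 2. Links: when the mail talks about DocuSign, every link should go to DocuSign.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    mentions_docusign = "docusign" in (msg.get("Subject", "") + text).lower()
    for url in HREF_RE.findall(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if mentions_docusign and registrable_domain(host) not in EXPECTED_HOSTS:
            findings.append(f"Link to {host} is outside the expected DocuSign domains")
        if parsed.scheme == "http":
            findings.append(f"Link to {host} uses plain HTTP")
        if SIGNIN_RE.search(url.lower()):
            findings.append(f"Link to {host} points at a sign-in page")
    return findings


if __name__ == "__main__":
    for finding in triage_email(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Running it against the constructed sample prints four flags: the envelope sender differs from the visible sender, the link host is not a DocuSign domain, the link is plain HTTP, and the link is a sign-in page. None of these checks replaces the article's advice to call the sender, but they give staff something concrete to look at before picking up the phone.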
It is not unusual for the hacker to do nothing for several days. They will log in and out of your email account just to see if you have changed your password. After several days, when they see they still have access to your account, they will begin sending malicious emails to individuals in your contact list.
We have also seen an incident where the hacker logged into a user’s account and configured inbox rules on the Exchange server that diverted incoming email, so that replies, bounce notices and warnings from colleagues never reached the user's inbox.
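Diverted-mail rules like the one described above are easy to miss because the account still works normally for its owner. The following is an added example, not the article's or TeamLogic IT's code, that scores a mailbox's inbox rules for the diversion pattern: forwarding to an outside address, deleting messages, moving them to a folder nobody reads, or selecting on sensitive keywords. The rule records are constructed for this example; their field names (Name, Enabled, ForwardTo, RedirectTo, DeleteMessage, MoveToFolder, SubjectContainsWords) are an assumption modelled on the properties an Exchange inbox-rule export commonly exposes, so adjust them to match whatever your export actually produces.

```python
"""Audit inbox rules for the mail-diversion pattern described in the article.

Added example, not part of the original article. The SAMPLE_RULES records
are constructed; the field names are an assumption about the export format.
"""

# Assumed organisation domain; mail forwarded outside it is a red flag.
ORG_DOMAIN = "smallbiz.example"

# Folders where diverted mail tends to sit unread (assumed list; extend for your environment).
LOW_VISIBILITY_FOLDERS = {
    "rss feeds", "rss subscriptions", "conversation history",
    "junk email", "archive", "deleted items",
}

# Subject keywords that, combined with a diversion action, suggest the rule hides
# security warnings or finance traffic from the mailbox owner (assumed list).
SENSITIVE_KEYWORDS = {
    "password", "invoice", "payment", "wire", "bank",
    "docusign", "hacked", "suspicious", "phishing",
}

# Constructed sample export: one benign rule, one hiding rule, one forwarding rule.
SAMPLE_RULES = [
    {"Name": "Newsletters", "Enabled": True, "MoveToFolder": "Newsletters",
     "SubjectContainsWords": ["newsletter"], "ForwardTo": [], "RedirectTo": [],
     "DeleteMessage": False},
    {"Name": ".", "Enabled": True, "MoveToFolder": "RSS Feeds",
     "SubjectContainsWords": ["invoice", "payment", "docusign"], "ForwardTo": [],
     "RedirectTo": [], "DeleteMessage": True},
    {"Name": "Backup", "Enabled": True, "MoveToFolder": None,
     "SubjectContainsWords": [], "ForwardTo": ["collector@freemail.example.net"],
     "RedirectTo": [], "DeleteMessage": False},
]


def is_external(address):
    """True when the address is outside the organisation's own domain."""
    return address.partition("@")[2].lower() != ORG_DOMAIN


def assess_rule(rule):
    """Return the reasons a rule looks like mail diversion; an empty list means benign."""
    reasons = []
    if not rule.get("Enabled", True):
        return reasons  # disabled rules do nothing, so they are not scored

    targets = list(rule.get("ForwardTo") or []) + list(rule.get("RedirectTo") or [])
    external = [a for a in targets if is_external(a)]
    if external:
        reasons.append("forwards/redirects to external address(es): " + ", ".join(external))

    if rule.get("DeleteMessage"):
        reasons.append("deletes matching messages")

    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in LOW_VISIBILITY_FOLDERS:
        reasons.append(f"moves messages to low-visibility folder '{rule['MoveToFolder']}'")

    # Keyword selection only matters once the rule already takes a diverting action.
    words = {w.lower() for w in rule.get("SubjectContainsWords") or []}
    hits = words & SENSITIVE_KEYWORDS
    if hits and reasons:
        reasons.append("selects on sensitive keywords: " + ", ".join(sorted(hits)))

    # Attackers often give hiding rules an empty or punctuation-only name.
    if not rule.get("Name", "").strip(" .,-_"):
        reasons.append("rule name is blank or punctuation only")
    return reasons


def audit_rules(rules):
    """Map rule name to its reasons for every rule that raised at least one."""
    report = {}
    for rule in rules:
        reasons = assess_rule(rule)
        if reasons:
            report[rule.get("Name", "")] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES).items():
        print(f"Rule {name!r}:")
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample the "Newsletters" rule passes, the "." rule is flagged for deleting mail, moving it to RSS Feeds, selecting on invoice/payment/DocuSign subjects and having a punctuation-only name, and "Backup" is flagged for forwarding to an outside address. Reviewing rules this way right after a password reset catches the persistence the article describes, which a password change alone does not remove.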
What to do if you are targeted?
If you receive one of these DocuSign emails or a similar type of email request, call the sender and make sure the email was actually sent by the person. If not, delete the email. DO NOT CLICK ON THE LINK OR SUPPLY YOUR EMAIL ADDRESS OR PASSWORD. If you have a situation where someone clicked through and signed in, you should change your email passwords right away.
How can you protect your company from this type of scam?
- Communicate with your staff on a regular basis about the potential threats out there and the steps to take against them. Make sure everyone in your company is well-versed on what to look out for when it comes to email scams. Anytime you hear of a particular scam, send an immediate notification out to everyone on your staff and any outsiders who also use your network. Security issues should not be tackled with a one-and-done approach; there should be a constant drip of information.
- Advise all employees to verify a suspicious and unexpected email by calling the actual sender.
Steve Giordano is president of TeamLogic IT.