Hackers Target DocuSign, BT Customers with Phishing Emails
Customers of DocuSign and U.K. telecommunications firm BT have been warned about phishing emails sent over the past week that appear legitimate, but contain malicious links. Here’s what you need to know about the two separate phishing instances.
DocuSign Customer Emails Stolen
DocuSign reported last week that stolen customer email addresses were used in a phishing attack that sent out emails on three separate days in May. DocuSign has told customers to filter or delete emails with these subject lines:
- Completed: [domain name] – "Wire transfer for recipient-name Document Ready for Signature"
- Completed [domain name/email address] – "Accounting Invoice [Number] Document Ready for Signature"
- Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”
According to a statement from DocuSign, “if a recipient clicks on the link in the phishing email, a Word Document will automatically be downloaded. In order to initialize the malware, the recipient will need to open the Word Document, and enable Microsoft Office Macros.”
The company has assured its customers that no signers were on the list of email addresses that was accessed by hackers, unless they had signed up for a DocuSign account.
The company is keeping customers informed through its security status page.
BT Scam Relies on WannaCry Ransomware Panic
As companies of all sizes sought to protect their organizations from the WannaCry ransomware, some hackers took advantage of this hysteria through a phishing campaign targeted at BT customers.
The phishing email appeared as though it was sent by BT, with a very convincing domain and branding, authorities said, which “could easily catch out those who are concerned about the security of their data after the global attack”, referring to the WannaCry ransomware.
— Action Fraud (@actionfrauduk) May 18, 2017
Customers were reminded to not click any links, and to check the email header to identify the true source of the communication. It is also worthwhile for customers to contact a company directly through their website if they are concerned about the source of an email.