Everything On DocuSign Phishing Attacks in 3 Minutes
- by Brittany Day
Microsoft 365 email risk is greater than ever. Cybercriminals are exploiting remote workers’ increased reliance on cloud email, misconfigured cloud platforms and heightened anxieties surrounding COVID-19 to steal users’ credentials and compromise accounts. Learn about the serious threat that DocuSign phishing poses to Microsoft 365 users, alerts about DocuSign Phishing and how you can protect yourself in this quick, informative read.
How A DocuSign Phishing Scam Works
Threat actors are upping their attack game in Microsoft 365 - employing sophisticated tactics such as impersonating DocuSign email notifications to steal employees’ credentials, which can be used to access important business documents. In such an attack, a user receives a fraudulent email mimicking the content seen in legitimate emails sent by Docusign to notify a user that there is a document ready for them to review. The phony email contains a malicious payload link concealed in text and hosted via multiple redirects designed to confuse victims, and to bypass simple URL detection in emails that aren’t able to crawl numerous redirects. If a victim falls for such a scam, his or her DocuSign login credentials and business email account credentials, as well as any sensitive information stored on these accounts, are compromised.
Some Notable Stats
- According to the FBI, 30% of phishing attacks make it through existing systems and are opened by target users.
- Osterman Research reports that despite existing protection, 40% of Microsoft 365 users have experienced credential theft nevertheless.
- During the month of May of 2020 Guardian Digital EnGarde Cloud Email Security identified more phishing emails targeting cloud email users than in any month prior since the company’s inception in 1999.
How To Stay Safe in Microsoft 365
Implement a threat-ready, fully-managed cloud email security solution that seamlessly complements Microsoft’s insufficient default protection, providing the critical additional layers of security that Microsoft 365 lacks. Defense-in-depth is crucial in fortifying cloud email against today’s advanced threats.
We provide additional tips and advice for staying safe online while working remotely in a recent blog post.
The Bottom Line
With an increase in complex attacks targeting cloud email users, it is more critical than ever to ensure that remote workers are protected in Microsoft 365. Microsoft 365 default security alone is alarmingly insufficient in safeguarding users, and conventional security solutions are no longer able to keep pace with attackers' sophisticated tactics. A comprehensive, multi-layered approach to email security is needed to fortify Microsoft 365 email against DocuSign phishing scams and other emerging exploits.
Download our free eGuide to learn more about protecting users in Microsoft 365.
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself Now
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know
- Complete Guide to Email Viruses & Best Practices to Avoid Infections
Latest Blog Articles
- Thinking Strategically about Email Security in 2021 and Beyond
- Open Source: A Powerful, Yet Underutilized Weapon against Phishing & Zero-Day Attacks
- Buyer's Guide: What to Prioritize in an Email Security Solution
- Buyer's Guide to Microsoft 365 & Workspace Email Security
- EnGarde Cloud Email Security: The Logical Solution to Cyber Risk in Microsoft 365
- Exchange Servers Are Vulnerable - Learn How To Secure Your Email Server Now
- Top Email Security Risks in 2021 - How To Set Your Business Up for Safety & Success
- Ransomware By The Numbers: How Big Is My Risk?
- SMB Ransomware Warnings & How To Prevent an Attack
- Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs