Everything On DocuSign Phishing Attacks in 3 Minutes

Microsoft 365 email risk is greater than ever. Cybercriminals are exploiting remote workers’ increased reliance on cloud email, misconfigured cloud platforms and heightened anxieties surrounding COVID-19 to steal users’ credentials and compromise accounts. Learn about the serious threat that DocuSign phishing poses to Microsoft 365 users, alerts about DocuSign Phishing and how you can protect yourself in this quick, informative read.

How A DocuSign Phishing Scam Works 

Threat actors are upping their attack game in Microsoft 365 - employing sophisticated tactics such as impersonating DocuSign email notifications to steal employees’ credentials, which can be used to access important business documents. In such an attack, a user receives a fraudulent email mimicking the content seen in legitimate emails sent by Docusign to notify a user that there is a document ready for them to review. The phony email contains a malicious payload link concealed in text and hosted via multiple redirects designed to confuse victims, and to bypass simple URL detection in emails that aren’t able to crawl numerous redirects. If a victim falls for such a scam, his or her DocuSign login credentials and business email account credentials, as well as any sensitive information stored on these accounts, are compromised. 

Some Notable Stats

• According to the FBI, 30% of phishing attacks make it through existing systems and are opened by target users.
• Osterman Research reports that despite existing protection, 40% of Microsoft 365 users have experienced credential theft nevertheless.
• During the month of May of 2020 Guardian Digital EnGarde Cloud Email Security identified more phishing emails targeting cloud email users than in any month prior since the company’s inception in 1999.

How To Stay Safe in Microsoft 365

Implement a threat-ready, fully-managed cloud email security solution that seamlessly complements Microsoft’s insufficient default protection, providing the critical additional layers of security that Microsoft 365 lacks. Defense-in-depth is crucial in fortifying cloud email against today’s advanced threats.

We provide additional tips and advice for staying safe online while working remotely in a recent blog post.

The Bottom Line

With an increase in complex attacks targeting cloud email users, it is more critical than ever to ensure that remote workers are protected in Microsoft 365. Microsoft 365 default security alone is alarmingly insufficient in safeguarding users, and conventional security solutions are no longer able to keep pace with attackers' sophisticated tactics. A comprehensive, multi-layered approach to email security is needed to fortify Microsoft 365 email against DocuSign phishing scams and other emerging exploits.

Download our free eGuide to learn more about protecting users in Microsoft 365.