Everything On DocuSign Phishing Attacks in 3 Minutes
- by Brittany Day
Microsoft 365 email risk is greater than ever. Cybercriminals are exploiting remote workers’ increased reliance on cloud email, misconfigured cloud platforms and heightened anxieties surrounding COVID-19 to steal users’ credentials and compromise accounts. Learn about the serious threat that DocuSign phishing poses to Microsoft 365 users, alerts about DocuSign Phishing and how you can protect yourself in this quick, informative read.
How A DocuSign Phishing Scam Works
Threat actors are upping their attack game in Microsoft 365 - employing sophisticated tactics such as impersonating DocuSign email notifications to steal employees’ credentials, which can be used to access important business documents. In such an attack, a user receives a fraudulent email mimicking the content seen in legitimate emails sent by Docusign to notify a user that there is a document ready for them to review. The phony email contains a malicious payload link concealed in text and hosted via multiple redirects designed to confuse victims, and to bypass simple URL detection in emails that aren’t able to crawl numerous redirects. If a victim falls for such a scam, his or her DocuSign login credentials and business email account credentials, as well as any sensitive information stored on these accounts, are compromised.
Some Notable Stats
- According to the FBI, 30% of phishing attacks make it through existing systems and are opened by target users.
- Osterman Research reports that despite existing protection, 40% of Microsoft 365 users have experienced credential theft nevertheless.
- During the month of May of 2020 Guardian Digital EnGarde Cloud Email Security identified more phishing emails targeting cloud email users than in any month prior since the company’s inception in 1999.
How To Stay Safe in Microsoft 365
Implement a threat-ready, fully-managed cloud email security solution that seamlessly complements Microsoft’s insufficient default protection, providing the critical additional layers of security that Microsoft 365 lacks. Defense-in-depth is crucial in fortifying cloud email against today’s advanced threats.
We provide additional tips and advice for staying safe online while working remotely in a recent blog post.
The Bottom Line
With an increase in complex attacks targeting cloud email users, it is more critical than ever to ensure that remote workers are protected in Microsoft 365. Microsoft 365 default security alone is alarmingly insufficient in safeguarding users, and conventional security solutions are no longer able to keep pace with attackers' sophisticated tactics. A comprehensive, multi-layered approach to email security is needed to fortify Microsoft 365 email against DocuSign phishing scams and other emerging exploits.
Download our free eGuide to learn more about protecting users in Microsoft 365.
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know in 2023
- Complete Guide to Email Viruses & Best Practices to Avoid Infections in 2023
- How Phishing Emails Bypass Microsoft 365 Default Security
Phishing Is Evolving
Latest Blog Articles
- Is Zero Trust Beneficial For Businesses?
- Combating the Cyber Risks of Misconfigured Cloud Services
- The Cost of Phishing For Businesses
- What Is A Business Impersonation Attack?
- What Is S/MIME and How Can It Secure Email?
- How to Create an Effective Cybersecurity Business Continuity Plan
- Emerging Phone Scams Capable of Evading Email Security
- Complete Guide to Phishing for Businesses: What is Phishing? Protect Your Organization From Phishing Attacks
- What You Need to Know to Shield Your Business from Ransomware
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
