Infosecurity Magazine reported:
A rise in sophisticated phishing attacks leveraging DocuSign impersonations to target businesses interacting with state and municipal agencies has been uncovered by threat researchers.
In a typical scenario, contractors receive an urgent DocuSign request that mimics communication from a regulatory agency.
“The flaw is that the victim has been given no way to verify the request’s source. It’s essentially a break in trust. This flaw will require a rethink of how to provide signature requests, and it will likely mean some kind of strong authentication method.”
“One tip would be for those employees who use DocuSign regularly is to install the app on your phone as well,” said John Bambenek, President at Bambenek Consulting.
In a typical scenario, contractors receive an urgent DocuSign request that mimics communication from a regulatory agency.
“The flaw is that the victim has been given no way to verify the request’s source. It’s essentially a break in trust. This flaw will require a rethink of how to provide signature requests, and it will likely mean some kind of strong authentication method.”
“One tip would be for those employees who use DocuSign regularly is to install the app on your phone as well,” said John Bambenek, President at Bambenek Consulting.
Find the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat