Hackers fake DocuSign and offer fraudulent signing methods

A magnifying glass focusing on the DocuSign logo as seen on its website
(Image credit: Shutterstock)

Security researchers have revealed criminals’ new tactics to impersonate major brands to steal and harvest victims’ credentials.

Researchers at Avanan, a Check Point company, said hackers impersonate major brands to perform phishing attempts. One frequently seen attempt mimics legit communications from DocuSign.

When DocuSign sends an email, it offers recipients an “Alternative Signing Method.” DocuSign prompts the recipient to visit https://www.docusign.com and enter a security code the company generates. This site then offers users more than one option to access and electronically sign their documents.

In a recent campaign researchers are following, hackers send an email that impersonates DocuSign from a docusign.net address that appears to be on behalf of an administrator. In this email, the attackers request the user view and sign a document and offer an alternative signing method.

The link to the alternative method leads users to a fake website where they must enter their password. Hackers then steal the email address and password as part of a credential harvesting campaign.

Researchers revealed other commonly impersonated brands, which tend to be trusted and popular ones. The top three most impersonated brands are Microsoft, which is related to 45% of all brand phishing attempts globally, DHL (26%), and Amazon (11%).


The state of brand protection 2021

A new front opens up in the war for brand safety


Other research carried out by the company found that 51.9% of all impersonation emails attempted to impersonate a non-executive in the organization. Non-executives are targeted 77% more often than other members of an organization.

“There are a few reasons behind this. One, security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. Two, non-executives still hold sensitive information and have access to financial data. There is no need to go all the way up the food chain,” said Jeremy Fuchs, content manager at Avanan.

Fraudulent digital signature use has led some companies to increase security surrounding e-signatures. For example, ESign Genie announced its digital signature platform would support knowledge-based authentication by adding an extra layer of security through authenticating document recipients’ identities before issuing viewing or editing rights. Esign Genie’s feature improves the security of sensitive, private, or protected documents by mandating a Social Security number.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.