Surge in DocuSign Phishing Scams Targets U.S. Citizens and Government Agencies
Recent cybersecurity reports reveal a significant uptick in phishing scams utilizing DocuSign, with a staggering 98% increase in malicious URLs between November 8 and November 14 compared to September and October combined. SlashNext, a cybersecurity threat research team, has identified hundreds of daily phishing attempts, many of which impersonate U.S. government agencies such as the Department of Health and Human Services (HHS) and the Maryland Department of Transportation (MDOT).
These phishing attacks begin when unsuspecting businesses receive seemingly legitimate DocuSign requests crafted to imitate official communications from government bodies. The attackers exploit the trust associated with recognized organizations by using actual DocuSign accounts and APIs, which makes the fraudulent messages appear credible. For instance, a contractor might receive an email purporting to come from HHS or MDOT prompting them to open a document that ultimately requests sensitive information or seeks consent for unauthorized transactions.
This surge in phishing attempts has raised significant concerns regarding the security practices within organizations, as the apparent authenticity of these requests often leads targets to comply without rigorous verification. Earlier this month, SlashNext issued warnings regarding another phishing scheme that leveraged the valid DocuSign API to bypass spam filters and deliver fake invoices. Such tactics indicate a calculated effort to breach organizational defenses and highlight the adaptability of cybercriminals.
According to a report by SlashNext, which was shared prior to its publication, the primary targets of these phishing campaigns are U.S. citizens, government entities, and municipal offices. The reported incidents have involved attempts to impersonate several institutions, including the North Carolina Electronic Vendor Portal and local authorities from cities like Milwaukee, Charlotte, and Houston.
The implications of this phishing activity are profound, as malicious actors can manipulate even well-informed organizations into compromising their security protocols. Cybersecurity experts underscore the necessity of implementing robust, multi-layered security strategies to safeguard against such sophisticated social engineering tactics. Jason Soroko, a Senior Fellow at Sectigo, emphasized that it is vital to address the vulnerabilities that allow these attacks to succeed, particularly the lack of verification mechanisms for the legitimacy of requests.
Given the nature of these phishing attacks, the MITRE ATT&CK framework is relevant. Adversary behaviors such as initial access, where phishers gain entry through deceptive emails, and credential dumping, where they seek to harvest sensitive information, are critical to understanding the security failures exploited by these malicious actors. The framework helps organizations identify potential weaknesses in their defenses and encourages re-evaluation of their verification processes.
As incidents of this nature continue to rise, it becomes increasingly important for businesses to recognize the evolving landscape of cyber threats and adapt their security measures accordingly. Heightened attention to verification and authentication in digital communication channels may prove essential in reclaiming lost trust in electronic transactions.