A bizarre email address or an obvious misspelling is a good indicator that the recent email telling you to reset your Apple ID password isn’t what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company’s branding. Being in the business of secure document management, it’s not uncommon for DocuSign’s name to be on the face of a phishing email, but upon further investigation the firm discovered why this particular campaign was so targeted: It’d been hacked.
As it turns out, “a malicious third party” had managed to break into a “non-core system” that DocuSign uses to send out service announcement emails. This is why the phishing campaign has been so accurately targeting customers, though the red flag here is that the emails ask recipients to download a Microsoft Word document (containing malware), which isn’t something a genuine DocuSign email would ever request.
The company stresses the breached system contained only a list of email addresses, that it has since been secured, and that all other data and services were untouched. Obviously it’s still not a good look for DocuSign given data security is an integral part of its pitch, but it’s an important reminder that just because an email looks above board at first glance doesn’t mean it can be trusted.
Via: Krebs on Security