Hackers target DocuSign with new phishing threat — watch out, you could be signing your data away

Sead Fadilpašić

May 17, 2024 at 12:19 PM·2 min read

Hackers are stealing people’s DocuSign accounts to make their Business Email Compromise (BEC) attacks seem more authentic, and thus, more successful.

A report from cybersecurity researchers at Abnormal, say they observed an uptick in attacks looking to steal people’s DocuSign login credentials.

As per the report, it all starts on a dark web forum, where a hacker creates, and then sells, credible-looking DocuSign notification email templates. These templates are picked up by other threat actors, which use them to try and trick people into attempting to view, or sign, an important document. That is when the attackers obtain the victims’ DocuSign login credentials which are then either sold back on the dark web, or used in the second stage of the attack.

Business email compromise

The second stage includes sifting through the documents found in the victim’s DocuSign account. People often store sensitive and confidential information there, so the hackers start looking for contracts, vendor agreements, or upcoming payment information. That way they can identify high-value targets and formulate the right type of approach for maximum efficiency. They often also look for compromising information which could be used in blackmail.

If the right type of information is found, the attackers will proceed to impersonate the company, send fake emails to business partners, clients, and similar, asking for some form of payment or fund transfer. To make the attack even more credible, the hackers will often add fake contracts through the compromised DocuSign account, and time the emails in such a way that it doesn’t raise too many alarms.

As with any other phishing attack, the best way to defend is to be skeptical of incoming email, especially if they carry links, attachments, and a sense of urgency. Phishing emails often come from unrelated domains, so cross-checking the email address from which the message came is always a good place to start.

More from TechRadar Pro

Ransomware and BEC are seeing a huge rise — is your business ready?
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

TechCrunch
DocuSign acquires AI-powered contract management firm Lexion
As DocuSign reportedly explores a sale to private equity, it's acquiring a company itself. On Monday, DocuSign (which now prefers to go by Docusign, with a lowercase "S," a PR rep from the company tells me) announced that it's buying Lexion, a contract workflow automation startup, for $165 million. The purchase comes as DocuSign makes increasing investments in the contract management space, most recently launching DocuSign IAM, a service aimed at connecting different components of the corporate agreement creation and negotiation process.
Yahoo Sports
Real Madrid, Champions League king once again, has conquered the unconquerable
There is no common thread, no coherent explanation for six Champions League titles in 11 years.
Yahoo Sports
USWNT blanks South Korea 4-0 as Emma Hayes era begins
Mallory Swanson and Tierna Davidson each netted a brace in the win.
Yahoo Life Shopping
This No. 1 bestselling shower caddy set can hold up to 40 pounds — and it's on sale for $18
'Now everything is contained nicely and doesn’t look cluttered,' one fan says.
Yahoo Life Shopping
This gadget makes iced tea in just ten minutes and it's down to $25: 'My tea tastes better'
Get ready to sip away summer, at a discount.
Engadget
Netflix’s animated Tomb Raider series now has a release date
Tomb Raider: The Legend of Lara Croft is coming to Netflix on October 10. Netflix announced the release date today along with a new trailer. The animated series picks up after the events of the Survivor Trilogy
Yahoo Sports
UFC 302 live results: Updates, highlights, odds, analysis as Islam Makhachev faces Dustin Poirier
Follow the action right here on Yahoo Sports with our live blog where we'll be sharing all of the latest results and highlights throughout the entire card.
Engadget
You can now watch Godzilla Minus One at home on Netflix
Netflix announced the surprise release today, coinciding with the film’s arrival for digital purchase and rental on VOD platforms including Prime Video and Apple TV. The black-and-white version will come to Netflix later this summer.
TechCrunch
Fisker collapsed under the weight of its founder's promises
Over the past eight years, famed vehicle designer Henrik Fisker suggested his EV startup would deliver on a lot of promises, but none came true. As Fisker looks for an unlikely rescue, employees told TechCrunch that the blame rests largely on the shoulders of the husband-and-wife team who steer the company. The AI startup raised $6 billion at an $18 billion pre-money valuation as it aims to compete with OpenAI, Microsoft and Alphabet.
TechCrunch
President Biden vetoes crypto custody bill
President Joe Biden has vetoed H.J.Res. 109, a congressional resolution that would have overturned the Securities and Exchange Commission's current approach to banks and crypto. Specifically, the resolution targeted the SEC’s Staff Accounting Bulletin 121, which presents guidance around how banks can handle customers’ crypto assets — in effect, they must treat those assets as liabilities.
Yahoo News
Mexico marks deadliest election campaign in its modern history as country moves to elect 1st female president. Here's what to know.
A total of 37 candidates have been assassinated ahead of Sunday’s vote in Mexico, a security consultancy says.
Yahoo Sports
Champions League final: Real Madrid surges late for 2–0 victory over Dortmund
Dani Carvajal and Vinicius Junior scored goals in the second half to give Real Madrid its 15th Champions League title with a 2–0 win over Borussia Dortmund.
Yahoo Life Shopping
The best Amazon deals this weekend — snag Apple, Ninja, Black+Decker at deep discounts
Save up to 80% on everything from vacuums to patio sets while scoring super-low prices on top brands like Bissell, Ninja and more.
Yahoo Life Shopping
This Hawaiian Tropics after sun is just $10: 'I’m 62 and people think I’m in my late 40’s'
This No. 1 bestselling body butter is luxurious, deeply hydrating and 'smells like vacation.'
Engadget
Starliner’s first crewed flight gets scrubbed just before launch
The first crewed launch of Boeing’s Starliner capsule has once again been called off, this time after an automatic hold was issued by the ground launch sequencer less than four minutes before liftoff.
TechCrunch
You can no longer use Tumblr’s tipping feature
The reason for shutting down the feature is simple: it failed to gain traction. Additionally, it has been Tumblr's plan since last year's reorg to put an end to things that aren't performing well. In 2022, Tumblr introduced Tips as a complementary feature to Post+, its subscription offering that allowed creators to put content behind a paywall.
Yahoo Life Shopping
Eva Longoria adores this L'Oreal anti-aging eye cream — and it's 50% off
This anti-aging treatment helps keep fine lines and puffiness in check — all for just $14.
Yahoo Life Shopping
No more 'hat hair': The ingenious adjustable visor you need for vacation is just $20
Your next trip is about to get a lot shadier — in a good way.
Yahoo Life Shopping
'Lifesaver for my severe back pain': This bolster pillow is just $23 at Amazon
More than 8,000 shoppers rave about this cushion.
Yahoo Life Shopping
This flowy, flattering frock deserves to be your go-to summer wedding outfit — it's over 60% off
This dress has over 5,000 five-star fans on Amazon, many of whom called it 'perfect' for warmer weather.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hackers target DocuSign with new phishing threat — watch out, you could be signing your data away

Business email compromise

More from TechRadar Pro

Recommended Stories

DocuSign acquires AI-powered contract management firm Lexion

Real Madrid, Champions League king once again, has conquered the unconquerable

USWNT blanks South Korea 4-0 as Emma Hayes era begins

This No. 1 bestselling shower caddy set can hold up to 40 pounds — and it's on sale for $18

This gadget makes iced tea in just ten minutes and it's down to $25: 'My tea tastes better'

Netflix’s animated Tomb Raider series now has a release date

UFC 302 live results: Updates, highlights, odds, analysis as Islam Makhachev faces Dustin Poirier

You can now watch Godzilla Minus One at home on Netflix

Fisker collapsed under the weight of its founder's promises

President Biden vetoes crypto custody bill

Mexico marks deadliest election campaign in its modern history as country moves to elect 1st female president. Here's what to know.

Champions League final: Real Madrid surges late for 2–0 victory over Dortmund

The best Amazon deals this weekend — snag Apple, Ninja, Black+Decker at deep discounts

This Hawaiian Tropics after sun is just $10: 'I’m 62 and people think I’m in my late 40’s'

Starliner’s first crewed flight gets scrubbed just before launch

You can no longer use Tumblr’s tipping feature

Eva Longoria adores this L'Oreal anti-aging eye cream — and it's 50% off

No more 'hat hair': The ingenious adjustable visor you need for vacation is just $20

'Lifesaver for my severe back pain': This bolster pillow is just $23 at Amazon

This flowy, flattering frock deserves to be your go-to summer wedding outfit — it's over 60% off