There’s a new and concerning trend in the world of cyber threats: a phishing technique we detected this morning. This method is more deceptive and significantly more sophisticated than its predecessors. It is almost guaranteed to get around any email security or advanced phishing protection you may have.
Before we dig into this specific type of phishing, we want to explain a little about phishing overall. A phishing email is a cyber attack designed to trick individuals into divulging sensitive information, such as passwords, credit card numbers, or personal identification details. It typically involves sending an email that appears to be from a legitimate source, such as a well-known company, a financial institution, or a trusted individual. These emails often create a sense of urgency or fear, prompting the recipient to act immediately.
Key Characteristics of Phishing Emails
- Deceptive Appearances: They often mimic the design, logo, and language of legitimate emails from reputable organizations.
- Urgent Requests: The email might urge you to act quickly, often warning of a security breach, account suspension, or a time-sensitive offer.
- Suspicious Links or Attachments: They frequently contain links or attachments that, when clicked or opened, can lead to malicious websites or download malware onto your device.
- Request for Personal Information: Phishing emails commonly ask for personal details, login credentials, financial information, or other sensitive data.
- Spelling and Grammar Mistakes: While some phishing attempts are sophisticated, others might contain noticeable spelling and grammatical errors.
- Unusual Sender Email Addresses: The email address may look suspicious or slightly altered from the genuine one, although advanced phishing attempts can effectively spoof email addresses to look authentic.
Recognizing and understanding the nature of phishing emails is crucial for personal and organizational cybersecurity, as falling victim to such attacks can lead to identity theft, financial loss, and data breaches.
A Recent Phishing Email Example
The phishing example we will dive into today is different from your typical phishing email because it doesn’t try to mimic the design of a reputable organization; the email is actually sent by that reputable organization. In this particular example, it was DocuSign. In reviewing the initial email, everything points to it coming from DocuSign because it does come from DocuSign. All links go to the legitimate DocuSign website.

The only indicator that this might be phishing is the email address, shown in the middle of the message, of the person who sent the document for signature.

After clicking on the Review Document link and being taken to the DocuSign website, everything looks ordinary and familiar because it is, in fact, the official DocuSign website.

If you select Continue to open the document, this is where it gets a little more fishy. Instead of seeing the typical document with information and a signature field, you are presented with a message indicating that the document was transmitted via Microsoft and is locked as a security measure. To access the document, you are told to authenticate your Microsoft account, and a link is presented.

If that wasn’t enough of a red flag, hovering over the “Open Document” link lets you see that it takes you to an unknown site that is definitely not somewhere you want to go.

While this is not your typical phishing email, you can follow the same guidelines to ensure you are not falling for the deceptive techniques employed to steal credentials and other company or individual information.
- Deceptive Appearances: In this example, the initial email was not deceptive, but the document in DocuSign was misleading.
- Urgent Requests: This example indicated that the document was related to Benefits, Compensation, and Salary for your review. While it didn’t have any wording or phrases suggesting that it was urgent, things related to getting paid are typically a high priority.
- Suspicious Links or Attachments: The original email contained no suspicious links or attachments, but the document inside DocuSign did.
- Request for Personal Information: The document states that you must authenticate with Microsoft and provide your Microsoft credentials.
- Spelling and grammar mistakes: This example contained no glaring spelling or grammar mistakes. It is still important to pay attention to this, but in the new era of ChatGPT and other AI tools, it is much easier for threat actors to correct spelling and grammar.
- Unusual Sender Email Address: While the original email was from DocuSign, it was initiated by [email protected]. Threat actors commonly use free email services such as gmail.com, yahoo.com, and outlook.com to create email addresses for phishing campaigns. Be wary of anything coming from free email services unless you know and recognize the sender’s name and email.
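The two checks that caught this message (who initiated the envelope, and where the "authenticate with Microsoft" link really goes) can be automated for triage. The sketch below is an added example, not DocuSign tooling or code from our detection stack; the domain lists, the sample message, the sample document text and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists; tune them for your own organization.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
PLATFORM_DOMAINS = {"docusign.net", "docusign.com"}
MICROSOFT_DOMAINS = {"microsoft.com", "microsoftonline.com", "live.com", "office.com"}

# Constructed sample notification and document text (not real messages).
SAMPLE_EMAIL = (
    "From: DocuSign <sender@docusign.net>\n"
    "Subject: Complete with DocuSign: Benefits and Compensation\n"
    "\n"
    "Pat Example (pat.example@gmail.com) sent you a document to review.\n"
)
SAMPLE_DOC = ("This document was transmitted via Microsoft and is locked.\n"
              "Authenticate your Microsoft account: https://docs-unlock.example/open\n")

def _under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_notification(raw_email, known_senders=()):
    """Flag a genuine platform notification whose initiator uses free mail."""
    msg = message_from_string(raw_email)
    # Assumes SPF/DKIM/DMARC passed upstream; From alone is spoofable.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not _under(from_dom, PLATFORM_DOMAINS):
        return ["not-from-platform"]
    flags = []
    for addr in set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", msg.get_payload())):
        addr = addr.lower()
        if addr.rpartition("@")[2] in FREE_MAIL and addr not in known_senders:
            flags.append(f"free-mail-initiator:{addr}")
    return sorted(flags)

def triage_document_links(doc_text):
    """Flag links in a document that mentions Microsoft but points elsewhere."""
    mentions_ms = re.search(r"microsoft", doc_text, re.I) is not None
    flags = []
    for url in re.findall(r"https?://[^\s\"'<>]+", doc_text):
        host = urlparse(url).hostname
        if mentions_ms and not _under(host, MICROSOFT_DOMAINS | PLATFORM_DOMAINS):
            flags.append(f"ms-login-off-domain:{host}")
    return flags
```

Passing `known_senders` lets you suppress the free-mail flag for contacts you already recognize, which matches the guidance above.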
By understanding the tactics used by cybercriminals and recognizing the red flags of phishing attempts, we can significantly reduce our vulnerability to these attacks. Remember, cybersecurity is not just a technical challenge but a continuous personal commitment. Stay cautious, question the unexpected, and never hesitate to verify the authenticity of any suspicious communication. By sharing knowledge and adopting innovative online practices, we can create a safer digital space for everyone. If you have any questions about phishing emails or how you can train your employees to catch them before they become an issue, we’d love to chat with you. Reach out to us today and schedule a one-on-one session!