A Deep Dive into an Ingenious Phishing Attack

There’s a new and concerning trend in the world of cyber threats: a phishing technique we detected this morning. This innovative method is more deceptive and significantly more sophisticated than its predecessors. It is almost guaranteed to get around any email security or advanced phishing protection you may have.

Before we dig into this specific type of phishing, we want to explain a little about phishing overall. A phishing email is a cyberattack designed to trick individuals into divulging sensitive information. They might be ‘fishing’ for passwords, credit card numbers, or personal identification details. It typically involves sending an email that appears to be from a legitimate source, such as a well-known company, a financial institution, or a trusted individual. These emails often create a sense of urgency or fear, prompting the recipient to act immediately.

Key Characteristics of Phishing Emails

  1. Deceptive Appearances: They often mimic the design, logo, and language of legitimate emails from reputable organizations.
  2. Urgent Requests: The email might urge you to act quickly, often warning of a security breach, account suspension, or a time-sensitive offer.
  3. Suspicious Links or Attachments: They frequently contain links or attachments that, when clicked or opened, can lead to malicious websites or download malware onto your device.
  4. Request for Personal Information: Phishing emails commonly ask for personal details, login credentials, financial information, or other sensitive data.
  5. Spelling and Grammar Mistakes: While some phishing attempts are sophisticated, others might contain noticeable spelling and grammatical errors.
  6. Unusual Sender Email Addresses: The email address may look suspicious or slightly altered from the genuine one, although advanced phishing attempts can effectively spoof email addresses to look authentic.

Recognizing and understanding the nature of phishing emails is crucial for personal and organizational cybersecurity, as falling victim to such attacks can lead to identity theft, financial loss, and data breaches.

A Recent Phishing Email Example

The phishing example we will dive into today is different from your typical phishing email because it doesn’t try to mimic the design of a reputable organization; the email is actually sent out by that reputable organization. In this particular example, it was DocuSign. On review, everything about the initial email points to it coming from DocuSign, because it does come from DocuSign. All links go to the legitimate DocuSign website.

The only indicator of potential phishing is the sender’s email address in the middle of the document-signing process.

Upon clicking the “Review Document” link, you’ll land on the official DocuSign website. Everything will seem normal and familiar there.

If you select Continue to open the document, this is where it gets a little more fishy. Rather than the usual document with information and a signature field, you’ll encounter a message indicating that Microsoft transmitted the document and locked it as a security measure. The message says that to access the document you need to authenticate your Microsoft account, and a link is presented.

If that wasn’t enough of a red flag, hovering over the “Open Document” link lets you see that it takes you to an unknown site that is definitely not somewhere you want to go.

What to Look for to Identify Phishing

Though this attack is unconventional, you can still apply standard precautions to avoid falling for deceptive tactics aimed at stealing credentials and sensitive information.

  1. Deceptive Appearances: In this example, the initial email was not deceptive, but the document in DocuSign was misleading.
  2. Urgent Requests: The document in this example was presented as Benefits, Compensation, and Salary information for your review. It didn’t have any wording or phrases suggesting that it was urgent, but things related to getting paid are typically a high priority.
  3. Suspicious Links or Attachments: The original email contained no suspicious links or attachments, but the document inside DocuSign did.
  4. Request for Personal Information: The document states that you must authenticate with Microsoft and provide your Microsoft credentials.
  5. Spelling and Grammar Mistakes: This example contained no glaring spelling or grammar mistakes. It is still important to pay attention to this. In the new era of ChatGPT and other AI tools, it is much easier for threat actors to correct spelling and grammar.
  6. Unusual Sender Email Address: [email protected] initiated the original email, even though it appeared to be from DocuSign. Threat actors commonly use free email services such as gmail.com, yahoo.com, and outlook.com to create email addresses for phishing campaigns. Be wary of anything coming from free email services unless you know and recognize the sender’s name and email.
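
The sender check (item 6) and the link check (items 3 and 4) from this list, written as triage logic a mail or SOC team could adapt. This is an added example, not code from the original article; it assumes the signing service sends from docusign.net and places the envelope initiator's address in Reply-To, and the allowlists and sample message are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, not from the article: the service's sending domains, Microsoft's
# sign-in hosts, and that the initiator's address appears in Reply-To.
SIGNING_SERVICE_DOMAINS = {"docusign.net", "docusign.com"}
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}  # named in the article

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw_email, document_text):
    """Findings for a signing notification plus the text of the shared document."""
    msg = message_from_string(raw_email)
    findings = []
    reply_dom = domain_of(msg["Reply-To"])
    # Real service, but the envelope was initiated from a free-mail account.
    if in_domains(domain_of(msg["From"]), SIGNING_SERVICE_DOMAINS) \
            and reply_dom in FREE_MAIL_DOMAINS:
        findings.append(f"initiated from free-mail domain {reply_dom}")
    # The document invokes Microsoft but links somewhere that is not Microsoft.
    if re.search(r"microsoft", document_text, re.I):
        for url in re.findall(r"https?://[^\s\"'<>)]+", document_text):
            host = urlparse(url).hostname or ""
            if not in_domains(host, MICROSOFT_LOGIN_HOSTS | SIGNING_SERVICE_DOMAINS):
                findings.append(f"Microsoft prompt links to unrelated host {host}")
    return findings

# Constructed sample data; addresses and hosts are placeholders.
SAMPLE_EMAIL = (
    'From: "Payroll via DocuSign" <dse@docusign.net>\n'
    "Reply-To: Payroll <constructed.sender@gmail.com>\n"
    "Subject: Benefits, Compensation and Salary for your review\n"
)
SAMPLE_DOCUMENT = ("Microsoft sent this document and locked it for security. "
                   "Open Document <https://doc-unlock.example.net/auth>")

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL, SAMPLE_DOCUMENT):
        print("FLAG:", finding)
```

Because the notification itself is authentic, both checks look past the From address: one at who initiated the envelope, the other at where the document's sign-in link actually points.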

By understanding the tactics used by cybercriminals and recognizing the red flags of phishing attempts, we can significantly reduce our vulnerability to these attacks. Remember, cybersecurity is not just a technical challenge but a continuous personal commitment. Stay cautious, question the unexpected, and never hesitate to verify the authenticity of any suspicious communication. By sharing knowledge and adopting innovative online practices, we can create a safer digital space for everyone. If you have any questions about phishing emails or how you can train your employees to catch them before they become an issue, we’d love to chat with you. Reach out to us today and schedule a one-on-one session!
