10 Nov 2024 - AJ
The elections here in the U.S. have taken my attention away from my normal scanning of various scam-reporting sites. However, one of my coworkers pointed this one out prior to election day and I couldn’t resist.
Until I started writing about this scam/phish, I didn’t realize that it’s essentially 75% the old Toner Scam but cleverly using people’s trust in the actual DocuSign URLs to lend it an air of legitimacy. This doesn’t make it any less interesting, as the DocuSign angle is clearly a new twist. Those of us who have an interest in user education have long taught people to check to make sure an email does come from and link to DocuSign before opening it, and now scammers are tricking people who have internalized that into trusting their phishes more.
It’s a good reminder to people such as myself that we can’t just say “yes, it came from DocuSign, it’s safe”; we also have to get it into our users’ heads that even if something came from seemingly the safest place possible, you should still think.
For that matter, when I was checking into this, I was reminded that DocuSign has had previous issues with this kind of behavior, but prior to that it was easier to spot, as it used a very specific DocuSign domain aimed at people seeing if they wanted to sign on with DocuSign.