Phishing attacks involving non-executive staff with access to sensitive corporate information are on the rise. According to Avanan researchers, non-executives were impersonated in half of all phishing emails reviewed in the previous several months, while 77% targeted employees at the same level.
Previously, phishing attacks were aimed at fooling business people, with phishing actors impersonating CEOs and CFOs. After gathering the appropriate information, attackers will pose as the company's CEO or another high-ranking official and send an email to finance personnel requesting money transfers to an account they control.
"Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized, there is no need to go all the way up the food chain," researchers said.
This made sense because sending orders and making urgent requests as a high-ranking employee enhances the likelihood of the receiver complying with these messages. Phishing actors switched to lower-ranking individuals who can nonetheless serve as great entry points into corporate networks, as CEOs became more alert and security teams in large firms built additional measures around those "important" accounts.
In their emails, the malicious actors suggest using DocuSign as an alternative signing option, prompting recipients to enter their credentials in order to read and sign the document. These emails are not from DocuSign, despite the fact that they appear to be.
DocuSign, Inc. is an American firm based in San Francisco, California that helps businesses handle electronic contracts. DocuSign's Agreement Cloud includes eSignature, which allows users to sign documents electronically on a variety of devices. DocuSign has over a million customers and hundreds of millions of users across the globe. DocuSign's signatures, including EU Advanced and EU Qualified Signatures, are consistent with the US ESIGN Act and the European Union's eIDAS regulation.
Rather than spoofing DocuSign notifications, phishing scammers were signing up for free accounts with the cloud-based documented signature service and compromising the accounts of others in August, according to researchers, in order to fool email recipients into clicking on malicious links.
When an email appears in your inbox, it's vital to read it carefully for any signs of fraud. According to the researchers, unsolicited files, spelling errors, and requests for your credentials should all be treated with caution. Phishing attempts based on DocuSign aren't exactly new, and several threat actors have taken use of them to steal login passwords and transmit malware.
