Gabi Power 17 February 2023 13:45:27 AEDT 5 MIN READ

Fake DocuSign Email Alert Attempts to Steal Microsoft Passwords

A crafty new scam is doing the rounds, which targets unsuspecting employees and tricks them into opening what they believe is a company payslip.  

The email lands in inboxes with the subject line “Reminder: Please DocuSign: [Company Name] Payslips/ Payroll – February 2023”. The attacker heavily uses the victim’s business name, which is a common tactic to feign authenticity. They’ve attempted to make the email appear as though it’s a business alert by making the sender name “[Company Name] Docs”. The attacker has also made it appear as though the email has been sent from an account at the recipient’s company, adding further plausibility to this being a genuine alert.  

The email looks similar to what you would expect from a DocuSign alert and uses its logo and disclaimers. In the header, the recipient is informed “[Company Name] sent you a document to review and sign”, and they’re then directed to click a button to “Review Documents”. 

Here's an example of the email:

image 1-Feb-17-2023-02-43-51-0753-AM

 Here’s where the scam begins. After clicking the link, the worker is taken to a phishing site that replicates the Microsoft Office 365 login page, and they’re asked to enter their password.  

image 2-Feb-17-2023-02-44-23-9550-AM


If the victim enters their password, they’re shown an error message which states that their password is incorrect. At this point, their credentials have been harvested by the hacker.

image 3-Feb-17-2023-02-45-06-3627-AM

It’s a simple yet effective phishing attack. After a few attempts at entering their password, the employee may exit the tab in frustration with a plan to try again later, putting it out of their mind. In this time, the hacker may be logging onto their account and accessing sensitive emails and files, or communicating with other employees, clients, or suppliers in business email compromise attacks.  

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates