ALERT: Email Phishing Attack

By August 15, 2018Security News

Over the last couple of days, we have noticed a spike in email phishing attacks in our clients’ environments.  The emails are coming into a client’s environment from well-known and trusted companies.

The phishing email requests users to open a pdf attachment that contains an image of DocuSign that has an embedded link to a fake website (in this case, it resembles Microsoft Office365).   It prompts users to enter their credentials.

The email has a PDF attachment which when opened looks like this:

And browsing to the “REVIEW DOCUMENTS” link will present a login screen that looks like this, where “compromisedsite.com” could be any number of different sites that are being used in the attack:

As you know, phishing emails can catch anyone out at any time and are one of the top methods cyber criminals use to gain access to a company’s network.  This is a timely reminder to always be vigilant.

Here are some useful tips to help spot a phishing email:

  • You aren’t expecting the email
  • The email urges immediate action
  • The email requests personal information
  • Links in the email lead to websites that ask for passwords
  • The email may contain a generic greeting rather than a name, e.g. Dear Sir/Madam
  • The email contains incorrect spelling or grammar
  • The email could include an attachment
  • The sender’s name and address does not match the sender or are spelt incorrectly
  • The link(s) in the email do not match the URL it redirects to
  • The URL does not match the company website or is not using SSL Encryption, e.g. https://
Sam Bennett

About Sam Bennett