Over the last couple of days, we have noticed a spike in email phishing attacks in our clients’ environments. The emails are coming into a client’s environment from well-known and trusted companies.
The phishing email asks users to open a PDF attachment containing a DocuSign-branded image with an embedded link to a fake website (in this case, one resembling Microsoft Office 365). The fake site prompts users to enter their credentials.
The email has a PDF attachment which, when opened, looks like this:
And browsing to the “REVIEW DOCUMENTS” link will present a login screen that looks like this, where “compromisedsite.com” could be any number of different sites that are being used in the attack:
As you know, phishing emails can catch anyone out at any time and are one of the top methods cyber criminals use to gain access to a company’s network. This is a timely reminder to always be vigilant.
Here are some useful tips to help spot a phishing email:
- You aren’t expecting the email
- The email urges immediate action
- The email requests personal information
- Links in the email lead to websites that ask for passwords
- The email may contain a generic greeting rather than a name, e.g. Dear Sir/Madam
- The email contains incorrect spelling or grammar
- The email could include an attachment
- The sender’s name and address do not match the purported sender, or are spelt incorrectly
- The link(s) in the email do not match the URL it redirects to
- The URL does not match the company website or is not using SSL encryption, i.e. it does not start with https://
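The last three tips (sender mismatch, link text that differs from its target, and plain http:// links) can be checked mechanically. The sketch below is an added example, not part of the original post. It assumes a single-part HTML email body, so it does not extract links from PDF attachments, and every name and domain in the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def findings(raw):
    """Return human-readable warnings for one single-part HTML email."""
    msg, out = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    addr_domain = addr.rpartition("@")[2].lower()
    shown = DOMAIN.search(name)  # a domain quoted in the display name
    if shown and shown.group(1).lower() != addr_domain:
        out.append(f"sender name shows {shown.group(1)} but address is @{addr_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        url = urlsplit(href)  # .hostname is already lower-cased
        if url.scheme == "http":
            out.append(f"link is not https: {href}")
        shown = DOMAIN.search(text)  # a domain quoted in the link text
        if shown and shown.group(1).lower() != (url.hostname or ""):
            out.append(f"link text shows {shown.group(1)} but goes to {url.hostname}")
    return out

# Constructed sample message; all names and domains are made up.
SAMPLE = '''From: "trusted.example Accounts" <noreply@mailer.example>
Content-Type: text/html

<p><a href="http://compromised-site.example/login">https://login.trusted.example/review</a></p>
<p><a href="https://www.trusted.example/help">Help centre</a></p>'''
```

Calling `findings(SAMPLE)` returns three warnings: one for the sender and two for the first link. The second link raises none.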