Surge in DocuSign Phishing Attacks Targeting Government Contractors
/ 3 min read
Quick take - Recent phishing attacks targeting DocuSign have surged by 98% in mid-November, primarily affecting businesses interacting with government agencies, leading to hundreds of daily incidents involving the impersonation of various government entities and highlighting the need for enhanced verification procedures to mitigate risks.
Fast Facts
- Recent phishing attacks targeting DocuSign have surged by 98% from November 8 to November 14, particularly affecting businesses interacting with government entities.
- Attackers are impersonating various government agencies, exploiting established trust to create serious vulnerabilities for businesses.
- Phishing tactics include using legitimate DocuSign accounts to craft templates that closely resemble official documents, leading to significant financial implications for victims.
- Warning signs of these attacks include unexpected license renewal requests, unusual payment instructions, and urgent compliance-related communications.
- SlashNext has launched a solution, SlashNext Complete™, claiming 99.99% accuracy in threat detection to help organizations combat these phishing schemes.
Surge in DocuSign Phishing Attacks Targeting Businesses
Recent attacks targeting DocuSign have surged dramatically, particularly focusing on businesses that engage with government entities. Between November 8 and November 14, there was a staggering 98% increase in the use of DocuSign phishing URLs compared to previous months, specifically September and October. This rise has resulted in hundreds of reported phishing incidents daily, many of which involve the impersonation of various government agencies.
Evolving Tactics and Impersonation of Government Entities
The tactics employed by attackers are evolving quickly, heightening the urgency of the situation. They exploit the established trust that businesses have with regulatory bodies, leading to serious vulnerabilities. A range of government entities is being impersonated in these attacks, including:
- Department of Health and Human Services
- Maryland Department of Transportation
- State of North Carolina’s Electronic Vendor portal
- City of Milwaukee
- City of Charlotte
- City of Houston
- North Carolina Licensing Board for General Contractors
A typical scenario involves contractors receiving what appears to be an official DocuSign request from a licensing board. Attackers utilize legitimate DocuSign accounts and APIs to create templates that closely resemble authentic documents. For instance, a contractor in Milwaukee might receive a DocuSign notification regarding a $2.8 million renovation project, requiring immediate signatures for additional costs. Similarly, a contractor in North Carolina could receive an urgent message from the NC Licensing Board concerning a compliance issue, demanding an emergency bond to avoid project shutdown.
Financial Implications and Warning Signs
The effectiveness of these phishing attacks can be attributed to several factors, including the use of legitimate DocuSign infrastructure, targeting businesses during predictable licensing cycles, incorporating accurate industry-specific pricing and terminology, and bypassing traditional email security filters by utilizing real DocuSign accounts. Attackers design templates that mimic official state documents, such as licensing renewal notices, compliance documentation requests, vendor portal registration requirements, and municipal contract modifications.
The financial implications for businesses subjected to these attacks are significant. These implications include immediate monetary losses, potential disruptions in operations, and confusion regarding licensing statuses that could delay bidding and contract management. There are specific warning signs associated with these attacks that individuals and businesses should be vigilant about, including:
- Unexpected timing for license renewals
- Unusual payment routing instructions
- Requests for immediate action related to state contracts
- Documentation requirements that fall outside normal renewal periods
Mitigating Risks and New Solutions
The sophistication of these phishing attacks presents a substantial risk to enterprises that engage with government agencies. To mitigate this risk, implementing robust verification procedures is crucial for safeguarding business operations and ensuring compliance with regulations. In response to this growing threat, SlashNext has introduced a solution designed to combat the abuse of DocuSign and related phishing schemes. Their platform, SlashNext Complete™, claims to achieve 99.99% accuracy in threat detection and aims to protect organizations from potential data breaches and financial fraud.
Original Source: Read the Full Article Here
