Using Legitimate Tools for Phishing

The latest trick in social engineering: using completely legitimate tools to gather your information.

I was reading an article on a new method of getting information out of a person. It is a brilliant new social engineering phishing scam. It will not be blocked by your spam and malware filters or your email protection devices, because every piece of it is legitimate: the message is sent through DocuSign's own infrastructure, so it comes from DocuSign's domain, passes sender authentication, and carries no malicious attachment or link. This is an example of an information-grabbing phish that uses no malicious payload at all; the only "payload" is a form.


If you click the yellow "Review Document" button you land on an entirely legitimate DocuSign page, which asks you to fill out the form as in the normal signing process. This particular scam comes in two parts. The top half of the form is more or less a normal loan application. The bottom half is where the scam takes place, and it is rather bold.

If you continue filling out the form, the attacker gets enough to completely steal the victim's identity, and the company's identity with it, especially if the victim is gullible enough to attach the "past three most recent bank statements" (circled in the screenshot).
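Because the email itself is clean, the useful detection signals are the envelope originator and what the document asks for, not the mail authentication verdict. The script below is an added example written for this post, not code from the original article or from DocuSign. It assumes the notification's From display name reads "Name via DocuSign" and that Reply-To carries the originator's own address (check this against your real mail flow), and it uses a made-up allow-list of counterparties plus two constructed sample messages. Both samples pass SPF, DKIM and DMARC; only the triage logic tells them apart.

```python
"""Triage a service-sent e-signature notification that passes SPF/DKIM/DMARC.

Added example; assumptions are marked in comments. Header layout and the
allow-list are hypothetical and must be checked against your own environment.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed allow-list: counterparties who legitimately send envelopes to accounting.
KNOWN_ORIGINATORS = {"closing@example-lender.example"}

# Things an e-signature form should never collect; matched case-insensitively.
SENSITIVE_PATTERNS = [
    r"bank statements?",
    r"social security number|\bssn\b",
    r"routing number",
    r"online banking (?:user ?name|password)",
    r"copy of (?:your )?(?:driver'?s licen[cs]e|passport)",
]


def mail_auth_passes(msg) -> bool:
    """True when the receiving MTA recorded spf=pass, dkim=pass and dmarc=pass.
    A message genuinely relayed by DocuSign is expected to pass all three, which is
    exactly why a pass is not a safety signal for this kind of phish."""
    results = str(msg.get("Authentication-Results", "")).lower()
    return all(f"{mech}=pass" in results for mech in ("spf", "dkim", "dmarc"))


def envelope_originator(msg) -> tuple:
    """Best-effort identity of who created the envelope (assumed header layout:
    '<Name> via DocuSign' in From, originator address in Reply-To)."""
    from_name, _ = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    name = re.sub(r"\s+via\s+docusign\s*$", "", from_name, flags=re.I)
    return name, reply_addr.lower()


def sensitive_requests(text: str) -> list:
    """Return the matched phrase, lower-cased, for every sensitive pattern found."""
    hits = []
    for pattern in SENSITIVE_PATTERNS:
        match = re.search(pattern, text, flags=re.I)
        if match:
            hits.append(match.group(0).lower())
    return hits


def triage(raw: str) -> dict:
    """Decide whether a notification can be delivered or must wait for a phone call."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = envelope_originator(msg)
    body = msg.get_body(preferencelist=("plain",)) if msg.is_multipart() else msg
    hits = sensitive_requests(body.get_content())
    reasons = []
    if addr not in KNOWN_ORIGINATORS:
        reasons.append(f"originator {addr or '<none>'} is not on the allow-list")
    if hits:
        reasons.append("form asks for: " + ", ".join(hits))
    if hits:
        verdict = "hold for out-of-band verification"
    elif reasons:
        verdict = "deliver with unknown-sender warning"
    else:
        verdict = "deliver"
    return {
        "auth_pass": mail_auth_passes(msg),
        "originator": (name, addr),
        "hits": hits,
        "verdict": verdict,
        "reasons": reasons,
    }


# Constructed samples, not real DocuSign messages; headers modelled on a service notification.
AUTH_OK = ("Authentication-Results: mx.victim-co.example; spf=pass smtp.mailfrom=docusign.net;"
           " dkim=pass header.d=docusign.net; dmarc=pass header.from=docusign.net")

SAMPLE_PHISH = f"""\
From: Pat Lender via DocuSign <dse@docusign.net>
Reply-To: pat@unknown-capital.example
To: ap@victim-co.example
Subject: Please DocuSign: Business Loan Application
{AUTH_OK}
Content-Type: text/plain; charset=utf-8

Pat Lender sent you a document to review and sign.
Please complete the loan application and attach your past three most recent bank statements,
a copy of your driver's license, and your online banking username so we can verify funds.
"""

SAMPLE_LEGIT = f"""\
From: Chris Closing via DocuSign <dse@docusign.net>
Reply-To: closing@example-lender.example
To: ap@victim-co.example
Subject: Please DocuSign: Equipment Lease Addendum
{AUTH_OK}
Content-Type: text/plain; charset=utf-8

Chris Closing sent you a document to review and sign.
Please review the addendum and sign on page 4.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw))
```

The point of the two samples is that `auth_pass` is True for both: a spam filter keyed on authentication results has nothing to work with, so the hold decision has to come from who originated the envelope and what the document asks the recipient to hand over.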

If someone in your accounting department fell for this attack, the damage could be extensive, to the point of bankruptcy for a small business hit hard by the repercussions. The tell is not the email but the request: a signing workflow that asks for bank statements, banking credentials or identity documents should be verified out of band with the supposed sender, at a number you already have on file, before anything is uploaded.

Identify those high-risk employees and put them through our security awareness training!