The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Fake Docusign email spreads a new global phishing campaign. It asks to open a link to revise an agreement. It lands to a website that simulates the victim’s organization homepage, in which the user has only to digit the password
A fake Docusign message spreads a new global phishing campaign that aims to steal email credentials.
The bait is as agreement that can be revised opening a link. It lands to a website that simulates the victim’s organization homepage in which the user is already pre-compiled and only the password has to be digited.
Any alphanumeric combination entered will be wrong and after two attempts the victim will be redirect to the legit homepage.