Fake Docusign email spreads a new global phishing campaign. It asks to open a link to revise an agreement. It lands to a website that simulates the victim’s organization homepage, in which the user has only to digit the password

A fake Docusign message spreads a new global phishing campaign that aims to steal email credentials.

The bait is as agreement that can be revised opening a link. It lands to a website that simulates the victim’s organization homepage in which the user is already pre-compiled and only the password has to be digited.

Any alphanumeric combination entered will be wrong and after two attempts the victim will be redirect to the legit homepage.