skip to Main Content

Cybercrime, new wave of the Docusign phishing campaign via contract

New wave of the Docusign phishing campaign via contract. The link in the email points to a fake Word page where the user is pre-set and only the password needs to be entered. Warning, it’s a scam!

New wave of the Docusign-themed phishing campaign.

 

The bait is the email “Completed: Letter of Acceptance for Contract Ref. No. 2022/ELP/TS/PSAC/4008585(B)” with the request to accept a false contract, which can be viewed by opening a link that points to a page that simulates that of the Word document. The username is pre-set and coincides with the email address of the recipient of the scam. The victim then only has to enter the password.

Any alphanumeric combination entered will be incorrect and after two attempts a new screen will open stating that the operation was successful and that the user will be contacted as soon as possible.

It’s actually just a scam. The goal, in fact, is to steal the user’s credentials.

Back To Top