Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins

A targeted phishing attack takes aim at a major U.S. payments company.

A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said.

The campaign spread seemingly innocuous emails around the company, with the goal of stealing Microsoft login credentials, researchers at Armorblox revealed.

Attackers Masquerade as DocuSign

Around 550 members of the targeted company received the same email in their inboxes, researchers told Threatpost. The sender’s name was “Hannah Mcdonald,” and the subject line and the body of the email were quite simple and to the point, as seen below:

Source: Armorblox.

Those who clicked the link in the email were presented with a preview of an electronic document through DocuSign, a common e-signature software, according to Armorblox’ Thursday analysis. The preview looked like a legitimate DocuSign landing page, with a prompt to “Please review and sign this document,” and an indication that other parties had already added their signatures.

The preview was hosted on Axure, researchers noted – a valid, cloud-based

Read More: