This week provides an excellent example of why Phishing attacks require you to make a thoughtful pause before opening email attachments. Criminals breached a marketing data base owned by the vendor supplying the state standard electronic signature and contracts workflow product, DocuSign. For more information you can check out this article: https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/
As a result, if you have ever used DocuSign at work or at home, your email address and name are now in the hands of skilled criminals who know you as a current or past user of DocuSign. Using that knowledge these miscreants may send you a convincing email pretending to be from DocuSign. Their purpose is to trick you into clicking on a link or opening an attachment that could give them—without you realizing it—control of your computer and everything it has access to. It could even turn your computer into a tool for further criminal exploitation.
- Never open an email from someone you are not expecting one from.
- Never click on a hyperlink which you are not 100% certain is reliable.
- Wherever possible, hover your mouse over ‘from’ addresses and hyperlinks to see if underneath is a different entity.
- Be extra cautious when mobile – your phone or tablet has less ability to help you determine the integrity and reliability of senders’ addresses and the content of messages.
- As always, send to firstname.lastname@example.org if you would like it reviewed first.