The following five steps outline the usual progression a hacker will most likely follow in regard to this type of scam:
Step No. 1: You and/or members of your organization receive an email from a trusted source—someone you have previously done business with or corresponded with. The email states that you have received documents that need to be signed or reviewed, or something similar. The subject line or the body of the email will reference DocuSign or some other document storage application.
Step No. 2: You are asked to click on a link in order to sign in, open and view the documents.
Step No. 3: The link opens another page and you are asked to sign in with your Microsoft account information or your email address and password.
Step No. 4: If you click on the link and sign in, your email address and password are immediately sent to the hacker.
Step No. 5: Once they have your email address and password, they will be able to log into your email account or spoof your email and send/receive email as if they were you. Recipients will see the incoming email coming from your address. Or, the hacker can set up your email account in their local Outlook program on their computer and send/receive email as if they were you.
It is not unusual for the hacker to do nothing for several days. They will log in and out of your email account just to see if you have changed your password. After several days, when they see they still have access to your account, they will begin sending malicious emails to individuals in your contact list.
We have also seen an incident where the hacker logged into a user’s account and configured email Rules on the Exchange server that diverted incoming email.
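The rule-based diversion described above is something an administrator can audit for directly. The following PowerShell script is an added example, not code from the original article or from TeamLogic IT; it assumes Exchange Online with the ExchangeOnlineManagement module and an account permitted to read mailbox and inbox-rule settings, and it goes slightly beyond the text by also checking mailbox-level forwarding, which diverts mail without any inbox rule. `$internalDomains` is a placeholder you must fill in.

```powershell
# Added example (not from the original article): list inbox rules and mailbox
# forwarding that divert incoming mail, as seen in the incident described above.
# Assumes Exchange Online + ExchangeOnlineManagement. For on-premises Exchange,
# omit Connect-ExchangeOnline and run from the Exchange Management Shell.

Connect-ExchangeOnline

# Placeholder: domains your organisation owns. Forwarding anywhere else is flagged.
$internalDomains = @('example.com')

function Test-ExternalAddress {
    param([string[]]$Addresses)
    foreach ($a in $Addresses) {
        # Rule recipients render as '"Name" [SMTP:user@domain]' or a plain address.
        if ($a -match '([\w.+-]+@[\w.-]+)') {
            $domain = ($Matches[1] -split '@')[1].ToLower()
            if ($internalDomains -notcontains $domain) { return $true }
        }
    }
    return $false
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Mailbox-level forwarding, which bypasses the user's visible inbox rules.
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Rule = '<mailbox forwarding>'
            Detail = "$($mbx.ForwardingSmtpAddress)$($mbx.ForwardingAddress)" }
    }
    # 2. Inbox rules that forward/redirect externally or silently delete mail.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            ForEach-Object { "$_" } | Where-Object { $_ }
        $external = Test-ExternalAddress -Addresses $targets
        if ($external -or $rule.DeleteMessage) {
            $detail = if ($rule.DeleteMessage) { 'deletes messages' }
                      else { "forwards to $($targets -join ', ')" }
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Rule = $rule.Name; Detail = $detail }
        }
    }
}

# Review every hit with the mailbox owner; rules with an empty Detail were
# flagged for deletion, the rest for forwarding outside $internalDomains.
$findings | Format-Table -AutoSize
```

Run it on a schedule and diff the output against the previous run; a new forwarding or delete rule on an account that recently received one of these DocuSign-style emails is the signal to reset that password and revoke sessions.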
What to do if you are targeted?
If you receive one of these DocuSign emails or a similar type of email request, call the sender and make sure the email was actually sent by the person. If not, delete the email. DO NOT CLICK ON THE LINK OR SUPPLY YOUR EMAIL ADDRESS OR PASSWORD. If you have a situation where someone clicked through and signed in, you should change your email passwords right away.
How can you protect your company from this type of scam?
- Communicate with your staff on a regular basis about the potential threats out there and the steps to take against them. Make sure everyone in your company is well-versed in what to look out for when it comes to email scams. Any time you hear of a particular scam, send an immediate notification to everyone on your staff and any outsiders who also use your network. Security issues should not be tackled with a one-and-done approach; there should be a constant drip of information.
- Advise all employees to verify a suspicious and unexpected email by calling the actual sender.
Steve Giordano is president of TeamLogic IT.