Beware of Phishing Attacks Exploiting DocuSign and Dropbox

In a recent phishing campaign, hackers have been using DocuSign and Dropbox to send emails that appear to be invoices. These fake invoices lead to login pages; if you enter your credentials there, your email account will be hacked.

How the Phishing Scam Works

The scam typically involves an email that appears to be from a legitimate company, like a vendor you do business with. The email will contain a DocuSign link that supposedly leads to an invoice. Once you click on the link, you'll be directed to a separate page that contains a link that appears to go to Microsoft. If you enter your credentials on this page, your email account will be hacked.

An example of what this might look like is below:

After you click on "Review Documents", it will bring you to the link below.

Clicking on "Open Message" leads you to a login page that appears to be for Microsoft. If you enter your email password on this page, your email will be hacked.

Only enter your Microsoft credentials if the URL reads https://login.microsoftonline.com/.

How to Protect Yourself

Here are some steps you can take to protect yourself and your business from these phishing attacks:

  • Only sign in to Microsoft if the URL reads https://login.microsoftonline.com/. If you are unsure whether a sign-in link is legitimate, contact your IT department.
  • Be cautious of unsolicited emails, even if they appear to be from a known sender. Always check the sender's email address carefully for any misspellings or inconsistencies.
  • Don't click on links in emails. If you're unsure about the legitimacy of an email, contact the sender directly to confirm whether they sent it.
  • Enable two-factor authentication (2FA) on all your online accounts, especially Microsoft. 2FA adds an extra layer of security by requiring a second verification step, such as a code from your phone, in addition to your password.
  • Verify the invoice details directly with the sender. If you receive an invoice that seems suspicious, call the sender directly to confirm the amount and other details. Even if the invoice is from a sender you trust, it is possible their email was hacked.

By following these steps, you can help protect yourself and your business from falling victim to phishing attacks.
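
The rule above (sign in only when the URL reads https://login.microsoftonline.com/) can also be checked mechanically, for example by a web filter or a mail-screening script. The JavaScript below is an added example, not part of the original article; the function names are hypothetical and the sample URLs are constructed using reserved example domains.

```javascript
// Added example (not from the original article): strict check that a link is
// the genuine Microsoft sign-in page named above. Sample URLs are constructed.
const EXPECTED_HOST = "login.microsoftonline.com";

function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before an "@" is a username, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "embedded credentials before the real host" };
  }
  // Exact match only: substring or prefix checks accept look-alike hosts.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: `host is ${url.hostname}` };
  }
  if (url.port !== "") {
    return { ok: false, reason: `unexpected port ${url.port}` };
  }
  return { ok: true, reason: "host is exactly " + EXPECTED_HOST };
}

// Constructed samples using reserved example domains.
const samples = [
  "https://login.microsoftonline.com/",
  "http://login.microsoftonline.com/",
  "https://login.microsoftonline.com.example.net/",
  "https://login.microsoftonline.com@example.net/",
  "https://example.net/login.microsoftonline.com/",
  "https://login.microsoftonIine.com/", // capital I in place of lowercase l
];

function report(urls) {
  return urls.map((u) => ({ url: u, ...checkSignInUrl(u) }));
}

for (const r of report(samples)) {
  console.log(r.ok ? "OK   " : "BLOCK", r.url, "-", r.reason);
}
```

Only the first sample passes; the others fail because the scheme, the user-info part or the parsed hostname differs from the expected value, even though each contains the Microsoft name somewhere in the string.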

Additional Tips
  • Regularly train your employees on how to identify phishing emails.
  • Have a clear policy in place for how employees should handle suspicious emails.
  • Use a web filter that can block malicious websites.

By taking these precautions, you can significantly reduce the risk of falling victim to a phishing attack.


