Skip to content

Don’t sign your business away with this devious new phishing scam

Electronic-Signature Imposters

Arthur Gaplanyan

Esign Malware Alert

The scamming never stops, so here’s another one making the rounds that you should keep your eye out for. As with all phishing scams, an email is sent impersonating a known brand or source to gain your trust.

In this current trend, they are impersonating electronic signature platforms such as DocuSign or Adobe Sign. Normally with those services, you would click the link to review a document you would then e-sign.

This time, however, the email contains an attachment of a blank image that contains an HTML file attachment. That HTML sends you to a malicious URL that installs malware on your device.

The details are tricky, as this method helps it get past a lot of security software.

That puts businesses at risk of exposing their data and leaving them open to ransomware attacks.

This recent wave of attacks has targeted small and medium sized businesses. You should take action to stay ahead of the cybercriminals.

Here are some steps you can take to help protect yourself from this scam:

  • If you use software to e-sign documents, make sure each email is genuine before opening any attachments.
  • Notify your team. Your awareness of this threat isn’t as good as the entire team being aware.
  • Always hover over links to see the true destination before clicking them. If you’re on a mobile device, this is harder so wait until you get to a computer just in case.
  • Be sure to check the sender’s email address to see if it’s legitimate. We see impersonations with similar names to dupe those who aren’t paying attention.
  • Be sure your domain and email settings are correct. If they aren’t somebody can impersonate you and your company (without any misspellings) and use your name to target other companies.
  • On the flip side, make sure your email security is blocking or quarantining misconfigured emails. You may receive a legitimate email from a legitimate company but if their settings are incorrect, then you might be a target by somebody using their name. Let them know to update their configurations to make all of you safer.
  • Regarding your email security, you could set it to block all emails with this type of attachment. That will prevent employees from being exposed to these scam emails in the first place.

By taking these simple steps, you can protect yourself from this new phishing scam and other similar threats.  If you need advice on what your options are or need help implementing any security measure, schedule a free assessment on our live calendar.

Stay safe!