
BeyondMachines for BeyondMachines

Originally published at beyondmachines.net

DocuSign impersonation phishing with stolen email thread and fake Google login

Summary

A phishing campaign spoofs DocuSign notifications to redirect victims through a fake CAPTCHA gate to a cloned Google login page, aiming to steal Google Workspace credentials. The attack gains credibility and evades spam filters in two ways: it appends a stolen, legitimate email thread below the phishing lure, and it sends to noreply@docusign.com, an address that serves only to put a domain the victim recognizes in front of them.

Take Action:

If you receive a DocuSign email, don't click any links in it. Go directly to docusign.com and log in manually to check for pending documents. Always verify the sender address and the URL bar before entering any credentials; if the login page URL isn't accounts.google.com, close the tab immediately. Finally, don't trust huge email chains: they can be faked or stolen from another conversation.
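The URL-bar check above, written as a strict host comparison. This is an added example, not code from the original article; the function name `checkLoginUrl` and its reason strings are hypothetical, and the sample URLs are constructed, with lookalike hosts on the reserved `.example` TLD.

```javascript
// Added example: strict host check for a login URL (Node.js or browser).
function checkLoginUrl(rawUrl, expectedHost) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, same rules the browser applies
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Anything before "@" is userinfo, not the site being visited.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the real host" };
  }
  // hostname is already lowercased; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (host === expectedHost) {
    return { ok: true, reason: "exact host match" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (IDN) host" };
  }
  if (host.includes(expectedHost)) {
    return { ok: false, reason: "expected name embedded in another host" };
  }
  return { ok: false, reason: "different host" };
}

// Constructed sample URLs; lookalike hosts use the reserved .example TLD.
const samples = [
  "https://accounts.google.com/ServiceLogin",
  "HTTPS://ACCOUNTS.GOOGLE.COM./signin",
  "http://accounts.google.com/",
  "https://accounts.google.com@login.example/signin",
  "https://accounts.google.com.signin.example/",
  "https://accounts.g\u043e\u043egle.com/", // Cyrillic U+043E in place of Latin o
  "https://login.example/accounts.google.com/",
];
for (const s of samples) {
  const r = checkLoginUrl(s, "accounts.google.com");
  console.log(r.ok ? "OK  " : "STOP", s, "->", r.reason);
}
```

Only an exact match on the parsed hostname passes; seeing `accounts.google.com` somewhere in the address string is not enough.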

