Phishing: 1 New Document Received
Why this looks valid
- DocuSign is a tool for signing documents which is frequently used by outside companies for Marist College signatures
- The email is formatted to look exactly like a valid DocuSign request
- The email may seem to be from a Marist account or have personalized details in the body of the message
Why this is phishing
- The email comes with an attachment to download, which is not how DocuSign works - valid notifications include a secure link to the DocuSign website
- After loading the file, a malicious website asks for a login to OneDrive, which us not how DocuSign works - valid notifications include a secure link to the DocuSign website
- Awkward sentence construction is a good indicator of malicious emails
- This is an extremely dangerous phishing attempt. If you clicked on this link and filled in your credentials, please contact the Help Desk immediately at x4357 (HELP) or firstname.lastname@example.org.
- DocuSign is a very common service. In fact, it is so common that Cyber Criminals love to craft phishing messages based on the service. Never click any links in a message purported to be from DocuSign unless you are working directly with a vendor or company who tells you in advance you will be receiving it. You should also always ask what email address the notification will come from, to ensure you know the notification is valid.
- This is a sophisticated phishing message. The attached document includes graphics and animation that make it looks like a website is checking a link and checking your credentials. This makes the message seem more legitimate. Don't be fooled by these tactics - always be suspicious of any email that asks you to login using a form or service that is not Marist College.
- Remember: always check the link. You can hover over the link in the email to ensure that it going to a valid service.
- Report this message to Microsoft. In Outlook on the Web, click the Junk menu, and select Phishing.
- A little paranoia goes a long way! Be suspicious of any email messages similar to this one.