
Oct 2014: NDA-Themed Lures Abuse DocuSign Brand to Steal Credentials

DocuSign NDA phish indicators

Threat Alert: NDA-Themed Lures Abuse DocuSign Brand to Steal Credentials

  • A series of phishing attacks is abusing the DocuSign brand.
  • Despite the lures using DocuSign branding, the emails do not come from a DocuSign sending address.
  • The lures contain links purportedly leading to a completed DocuSign contract regarding an NDA for the targeted company.
  • Clicking the link leads to a Microsoft sign-in authentication page.
  • Entering credentials ultimately leads to credential and multi-factor authentication token theft.

Key Action: Report Suspicious Emails 

  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
  • Report ANY suspicious emails using the Phish Alarm button.
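
For mail administrators, the sender mismatch described in this alert (DocuSign branding on a message that does not come from a DocuSign sending address) can be checked automatically. The following is an added example, not part of the original alert: the allow-listed domains are an assumption to confirm against DocuSign's own guidance, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as legitimate senders for each brand.
# Confirm this list against the brand's published guidance before use.
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def brand_mismatches(raw_message):
    """Return brands named in the From display name or Subject
    whose actual sending domain is not on that brand's allow-list."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    text = (display + " " + msg.get("Subject", "")).lower()
    return [
        brand
        for brand, allowed in BRAND_DOMAINS.items()
        if brand in text and not domain_allowed(domain, allowed)
    ]


# Constructed sample: brand in the display name, unrelated sending domain.
LURE = (
    'From: "DocuSign" <notify@mail.example.org>\n'
    "To: user@example.com\n"
    "Subject: Completed: NDA for Example Corp\n"
    "\n"
    "Your document has been completed.\n"
)

# Constructed sample: same branding, sender on an allow-listed domain.
ALLOWED_SENDER = LURE.replace("notify@mail.example.org", "sender@docusign.net")

# Constructed sample: brand domain used as a prefix of an unrelated domain.
LOOKALIKE = LURE.replace("mail.example.org", "docusign.net.example.org")

if __name__ == "__main__":
    for name, raw in [("lure", LURE), ("allowed", ALLOWED_SENDER),
                      ("lookalike", LOOKALIKE)]:
        print(name, brand_mismatches(raw))
```

A sender on the allow-list is not proof of legitimacy, because the From header can be forged; combine this check with SPF, DKIM and DMARC results.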