Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Fake DocuSign emails are targeting some top US contractors

Robotic Hand Assisting Person For Signing Document Over Wooden Desk In The Courtroom.

  • Fraudsters are impersonating US Government agencies
  • Victims are encouraged to renew fake contracts using DocuSign
  • Attacks have spiked almost 100% in the last month

Cybersecurity researchers have found threat actors are increasingly using DocuSign impersonations to target businesses who interact with state and municipal agencies.

Research by SlashNext found attacks have spiked 98% compared to the previous two months, with hundreds of instances are being detected daily, and tactics are outpacing detection methods. Many of these are specifically impersonating government entities to exploit pre-existing trusted relationships between businesses and regulatory bodies.

Researchers found impersonations of the Department of Health and Human Services, the Maryland Department of Transportation, the State of North Carolina’s Electronic Vendor portal, the City of Milwaukee, the City of Charlotte, the City of Houston, and the North Carolina Licensing Board for General Contractors.

High stakes signatures

As with most scams, the criminals created a false sense of urgency in victims. In one instance, a North Carolina Commercial contractor received a notice that their $12 million hospital construction project was at risk of immediate shutdown due to a compliance issue. The notice demanded an $85,000 ‘emergency compliance bond’ to prevent work stoppage.

As well as the financial loss, vendors face business disruption and sensitive data loss from the false contracts.

Businesses that hold a number of government contracts may be inundated with communications and contracts, but it’s important to stay vigilant and double check emails with inaccurate pricing or industry specific terminology as an indicator of inauthenticity.

“For businesses, the most important approach to defend against these fraudulent attacks is to spread awareness within the organization, to upskill and empower all workers to identify attacks at the earliest possible stage.” said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.

“Beyond this, it is critical that inbound communications are thoroughly screened before being presented to users, be they emails, SMS, or even old school postal and fax communications”

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.