TIP: Click on subject to list as thread! ANSI
echo: politics
to: All
from: Mike Powell
date: 2024-11-20 10:06:00
subject: Fake DocuSign emails are
Fake DocuSign emails are targeting some top US contractors

Date:
Tue, 19 Nov 2024 19:02:00 +0000

Description:
Attacks on businesses with Government ties have spiked, with fake DocuSign
files a common tactic.

FULL STORY

Cybersecurity researchers have found threat actors are increasingly using
DocuSign impersonations to target businesses who interact with state and
municipal agencies. 

Research by SlashNext found attacks have spiked 98% compared to the previous
two months, with hundreds of instances are being detected daily, and tactics
are outpacing detection methods. Many of these are specifically impersonating
government entities to exploit pre-existing trusted relationships between
businesses and regulatory bodies. 

Researchers found impersonations of the Department of Health and Human
Services, the Maryland Department of Transportation,  the State of North
Carolinas Electronic Vendor portal, the City of Milwaukee, the City of
Charlotte, the City of Houston, and the North Carolina Licensing Board for
General Contractors.

High stakes signatures 

As with most scams, the criminals created a false sense of urgency in 
victims. In one instance, a North Carolina Commercial contractor received a
notice that their $12 million hospital construction project was at risk of
immediate shutdown due to a compliance issue. The notice demanded an $85,000
emergency compliance bond to prevent work stoppage. 

As well as the financial loss, vendors face business disruption and sensitive
data loss from the false contracts. 

Businesses that hold a number of government contracts may be inundated with
communications and contracts, but its important to stay vigilant and double
check emails with inaccurate pricing or industry specific terminology as an
indicator of inauthenticity. 

For businesses, the most important approach to defend against these 
fraudulent attacks is to spread awareness within the organization, to upskill
and empower all workers to identify attacks at the earliest possible stage.
said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity. 

Beyond this, it is critical that inbound communications are thoroughly
screened before being presented to users, be they emails, SMS, or even old
school postal and fax communications.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/fake-docusign-emails-are-targeting-some
-top-us-contractors

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.