1. Forum
  2. FidoNet
  3. POLITICS

  • Fake DocuSign emails are

    From Mike Powell@1:2320/105 to All on Wed Nov 20 10:06:00 2024
    Fake DocuSign emails are targeting some top US contractors

    Date:
    Tue, 19 Nov 2024 19:02:00 +0000

    Description:
    Attacks on businesses with Government ties have spiked, with fake DocuSign files a common tactic.

    FULL STORY

    Cybersecurity researchers have found threat actors are increasingly using DocuSign impersonations to target businesses who interact with state and municipal agencies.

    Research by SlashNext found attacks have spiked 98% compared to the previous two months, with hundreds of instances are being detected daily, and tactics are outpacing detection methods. Many of these are specifically impersonating government entities to exploit pre-existing trusted relationships between businesses and regulatory bodies.

    Researchers found impersonations of the Department of Health and Human Services, the Maryland Department of Transportation, the State of North Carolinas Electronic Vendor portal, the City of Milwaukee, the City of Charlotte, the City of Houston, and the North Carolina Licensing Board for General Contractors.

    High stakes signatures

    As with most scams, the criminals created a false sense of urgency in
    victims. In one instance, a North Carolina Commercial contractor received a notice that their $12 million hospital construction project was at risk of immediate shutdown due to a compliance issue. The notice demanded an $85,000 emergency compliance bond to prevent work stoppage.

    As well as the financial loss, vendors face business disruption and sensitive data loss from the false contracts.

    Businesses that hold a number of government contracts may be inundated with communications and contracts, but its important to stay vigilant and double check emails with inaccurate pricing or industry specific terminology as an indicator of inauthenticity.

    For businesses, the most important approach to defend against these
    fraudulent attacks is to spread awareness within the organization, to upskill and empower all workers to identify attacks at the earliest possible stage. said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.

    Beyond this, it is critical that inbound communications are thoroughly
    screened before being presented to users, be they emails, SMS, or even old school postal and fax communications.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fake-docusign-emails-are-targeting-some -top-us-contractors

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)