Yahoo Finance Email scam alert: Don’t fall for this clever but fake ‘DocuSign’ notification
Scammers are well-known for pretending to be the tax man, big banks, telcos or even PayPal in order to steal your money.
But really, it doesn’t matter who they pretend to be: all they need to do is to get you to click through to potentially threaten your online security.
Related story: Protect your money: The 2019 tax time scams you need to watch out for
Related story: The 10 biggest scams of 2019 so far
Related story: Warning: This type of scam has skyrocketed, and it’s targeting Aussies
The latest scam cybercriminals are trying to pull off, according to email security firm MailGuard, is a “convincing fake ‘review document’” that could have all sorts of hidden and malicious risks.
“The email is presented as a pretty credible and well-crafted DocuSign fake notification,” MailGuard said in a blog post.
It looks as though the sender, ‘Unicoi State Park & Lodge’, has sent a document for the recipient to review and e-sign.
Here’s what the email says:
Dear Client,
Please press the ‘Review Document’ button to review your Service Agreement and complete the e-signature process.
Upon completion you will automatically receive an email with an attached signed copy of this Service agreement.
To sign it, a bright yellow button against a dark blue banner titled ‘REVIEW DOCUMENT’ is at the top of the email – and it’s only too easy to click on it.
Recipients who click through are sent to a blank page, but it isn’t as innocent as it seems.
“It is important to note that malicious third parties can use these links as a platform for future attacks,” warned MailGuard.
“This page could potentially be used to host a malicious file download or phishing page.”
What should I do if I’ve received this scam email?
Definitely don’t click anything, and delete it immediately.
The fact that it appears to be from DocuSign, a trusted electronic signature software firm, is what easily fools people into clicking and makes it a “convenient trojan horse for malicious attacks”.
Not sure if the email is real or fake? According to MailGuard, these are the signs to look out for:
If it’s not directly addressed to you by name or has poor English or grammar, it likely isn’t legitimate;
If it’s from a business you’re not expecting to hear from;
If it asks you to click a link that looks suspicious; and
If it takes you to a landing page or website that doesn’t have the URL of the company the email purports to be from.
It only takes one email
“Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside,” stated the MailGuard blog post.
“All criminals need to break into your business is a cleverly worded message.
“If they can trick one person in your company into clicking on a malicious link they can gain access to your data.”
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.
