Email from:"DocuSign Electronic Signature and Invoice"

Computer Software > Security

Email from:"DocuSign Electronic Signature and Invoice" - what's the story?

(1/3) > >>

Weaver:
From: "DocuSign Electronic Signature and Invoice" <docusign@vsimportservices.com>

Has anyone seen this email before ? What is this about - trying to get you to download malware maybe"

burakkucat:
I suspect your suspicions are correct. Does the mail header show anything abnormal?

Weaver:
I cannot see anything suspicious about the headers. It was sent direct from the company vsimportservices mentioned. There is a load of html with a url in it which I thought was the only one that had the potential to be interesting and it was http://yapd.org/someloadofjunkpossbase64ididntcheck but when I try probing that web server it just times out. So I failed to work out what it was trying to do.

My best guess is that someone has taken someone's email format and inserted malicious urls into it. I eventually noticed some ungrammatical english - why can evildoers never manage to write english properly?

sevenlayermuddle:
Actually, I do sometimes find it interesting to analyse spam, work out what was the intention and where they got the “sucker” email from.

In this case, a few mins on google reveal this to be a known phising attack, linking to a malicious word document. The emails are obviously fake, and not genuine docusign. See here...

https://www.docusign.com/trust/alerts/update-8222018-813-am-pacific-time-new-phishing-campaign-observed-today

More interestingly perhaps, it seems that docusign themselves were breached last year, leaking users’ email addresses. This allowed the bad guys to target their spam with a decent probability that the recipient is actually using docusign’s services, and may mistake it for something that’s expected. See here...

https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/comment-page-1/

Fairly sure I’ve been forced to use a service vaguely similar to docusign myself at some time, maybe to do business with solicitor or an accountant, or something? I have never been comfortable with such goings on. :(

banger:
Seems 7LM has your answer.

Navigation

[0] Message Index

[#] Next page

Go to full version