A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it is entirely legit: it is sent through the Docusign infrastructure. It is a prime example of an info-grabbing phish that does not use a malicious payload.
Clicking on the yellow "Review Document" button gets you to a Docusign page (again, entirely legit), which requires you to fill out the form as per the normal process. I broke it up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.
Continuing to fill out the form allows the bad guy to completely steal the identity of the victim, and the company identity, especially if they are gullible enough to add the "past three most recent bank statements". Circled.
If someone in accounting fell for this attack, the damage could be extensive, to the point of bankruptcy for a small business that gets hit hard with the potential repercussions.