If you work as any kind of computer or network security employee, one of the hardest things to deal with is keeping one step ahead of the constantly-changing landscape of cyberattacks. Cybercriminals work tirelessly to find holes, exploits or other vulnerabilities; they then exploit those vulnerabilities once they have discovered them. Security experts can work to block these vulnerabilities; they can work with software developers to patch software, they can warn the public about spam or phishing attacks designed to steal data, or they can work to keep a network’s resources firewalled and free of malicious programs. It seems like, as soon as one vulnerability is shut down, cyber criminals have opened up another one, which may or may not be harder to counter.
One of the latest scams to be aimed at businesses is Secure Document Phishing. This scam takes advantage of the technology that allows us to view and sign contracts and other important documents electronically. Instead of either mailing an important document and waiting for it to be mailed back, or sending it via e-mail and waiting for the e-mail to be printed, signed, scanned and sent back as an attachment, secure documents allow for online viewing and signing of important documents using a PDF reader or DocuSign document.
When cybercriminals attempt a secure document phishing attack, they send either a fake DocuSign or PDF attachment to a potential victim, sometimes using a spoofed e-mail address to lower the victim’s guard. Or, the malicious contents are hidden in what appears to be a news story or other current event, a court subpoena or an alert from your financial institution. In the message, the victim is asked to do one of the following things:
- Click on a link to ‘receive a document’. This opens a fake web page asking for credentials, likely for e-mail or credential phishing.
- Click what appears to be a normal link in a PDF document. This will open a malicious web site that will facilitate the downloading of malicious software.
- Open a malicious document in Word and enable macros. The macro will initiate the download of malicious software, such as ransomware or Trojans.
Fortunately, there are steps you can take to secure your networks from this type of cyberattack. These steps will either help prevent or mitigate any harm.
- Make sure all anti-virus and anti-malware programs are up to date. If you’re especially concerned about cyberattacks, you might want to look into ways to restrict downloads by PCs on the work network.
- Inform employees about the scam and make sure they know not to click strange links in e-mails. Tell them to delete the messages if they do not know the sender and were not expecting the ‘documents’.
- Remind employees to follow up if they receive an attachment from a contact. Since many cybercriminals spoof e-mail addresses in order to trick potential victims, it can be easy to assume the ‘document’ being sent is legitimate. Show employees how to tell if an e-mail address is real or has been spoofed to cover the criminals’ tracks. Make sure employees remember to pick up the phone and call contacts from whom they receive attachments. This will help to ensure the message was legitimately sent and isn’t simply a phishing or malware attack, and help the employee ascertain the purpose of the message.
- If an error is made and malicious software does get onto a workstation, act quickly to isolate and clean the affected machine. Not only will this prevent ransomware or other malicious software from damaging the computer, it will also keep other computers on the network safe should the malicious software be able to spread via network connections.
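To make the advice about telling real addresses from spoofed ones concrete, here is an added example (not part of the original article) that triages one message for common spoofing signs: mismatched sender domains, failed authentication verdicts, and links whose visible text hides a different destination. The sample message, its domains and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is made up.
SAMPLE = '''From: "Contoso Legal" <billing@contoso-legal.example>
Reply-To: docs@secure-sign.example
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=contoso-legal.example
Subject: Please review and sign your document
Content-Type: text/html

<p>Document ready: <a href="http://secure-sign.example/login">https://sign.contoso-legal.example/view</a></p>
'''

LINK = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>\s*(https?://[^<\s]+)\s*</a>', re.I)

def domain(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of human-readable spoofing indicators found in one message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # 1. Replies or bounces routed to a different domain than the visible sender.
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    # 2. SPF/DKIM/DMARC verdicts; only trust the header stamped by your own mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        verdict = m.group(1) if m else "missing"
        if verdict != "pass":
            findings.append(f"{check} verdict is {verdict}")
    # 3. Links whose visible text shows one host while the href goes to another.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    for href, shown in LINK.findall(body):
        if urlsplit(href).hostname != urlsplit(shown).hostname:
            findings.append(f"link text shows {urlsplit(shown).hostname} but opens {urlsplit(href).hostname}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Treat the findings as signals to verify, not a verdict: legitimate bulk mail often uses a different Return-Path domain, so a phone call to the contact remains the deciding check.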