If you work as any kind of computer or network security employee, one of the hardest things to deal with is keeping one step ahead of the constantly-changing landscape of cyberattacks. Cybercriminals work tirelessly to find holes, exploits or other vulnerabilities; they then exploit those vulnerabilities once they have discovered them. Security experts can work to block these vulnerabilities; they can work with software developers to patch software, they can warn the public about spam or phishing attacks designed to steal data, or they can work to keep a network’s resources firewalled and free of malicious programs. It seems like, as soon as one vulnerability is shut down, cyber criminals have opened up another one, which may or may not be harder to counter.
One of the latest scams to be aimed at businesses is Secure Document Phishing. This scam takes advantage of the technology that allows us to view and sign contracts and other important documents electronically. Instead of either mailing an important document and waiting for it to be mailed back, or sending it via e-mail and waiting for the e-mail to be printed, signed, scanned and sent back as an attachment, secure documents allow for online viewing and signing of important documents using a PD reader or DocuSign document.
When cybercriminals attempt a secure document phishing attack, they send either a fake DocuSign or PDF attachment to a potential victim, sometimes using a spoofed e-mail address to lower the victim’s guard. Or, the malicious contents are hidden in what appears to be a news story or other current event, a court subpoena or an alert from your financial institution. In the message, the victim is asked to do one of the following things:
Fortunately, there are steps you can take to secure your networks from this type of cyberattack. These steps will either help prevent or mitigate any harm.