720-891-1663

Return to the list of client alerts

Phishing Attack Targets DocuSign, Sharepoint

When you get an email with a link that claims to be from Sharepoint, Teams, Docusign or similar apps, even if you hover over the link, all you see is a super-long seemingly meaningless link.

How do you validate that the link is real and not malicious? The answer is that there is not a simple way to do that.

Enter the hackers …..

So you get an email that seems to come from one of these sources and it says something like “review Covid-19 relief fund as approved by the board of directors.” What do you do?

There is no foolproof method to weed out these attacks, but the normal controls – inbound email filtering, DMARC (but only if it is configured to block fishy emails, which most of the time it is not) and MFA – are helpful.

Even these aren’t perfect.

User training is also critical and by user training, we include anti-phishing training. That training needs to be both frequent and robust. Simple, obvious phishing attack tests are not adequate either. The idea to to have at least a percentage of the team fall for the phish. Falling for the phish is not a sign of failure. You want people to do that so that they learn what to look for the next time. And encourage team members, especially executives, to share the fact that they didn’t detect the fake phish. That helps remove the embarrassment.

Also, having a “report phishing email” button in your users’ email client is useful as a way to get users to report phishing attempts so that you can tighten up the inbound email filtering.

If you do not have a security operations team then it may make sense to outsource that to a SOC as a Service provider. These may be cost effective for smaller companies where it doesn’t make sense to have a 24×7 security team. These teams can detect unusual events and alert on them so that operations can take swift action to close the holes and expel the intruders.

If this sounds complex, it is to a degree, but so is being owned by a Chinese or Russian hacking group. Which would you prefer? Credit: SC Magazine

Copyright © 2025 CyberCecurity, All rights reserved. Privacy Policy