SiliconAngle reports that more than 10,000 users across various organizations have been targeted by a new phishing email campaign using fake DocuSign messages to facilitate login credential theft.
Malicious emails with "Please DocuSign: Approve Document 2023-01-11" on the subject line have been sent to recipients as a lure to open the message, which contains a "view completed document" button that would redirect to a spoofed Proofpoint Storage application page that asks recipients to input their Proofpoint ID, an Armorblox report showed.
Both Microsoft Office 365 and Proofpoint security protections have been evaded by the campaign.
"These native email security layers are able to block mass spam and phishing campaigns and known bad URLs; however, when it comes to unknown links or zero-day attacks, these security layers fall short," said Armorblox, which urged organizations to bolster email security with more controls aimed at improving defenses against business email compromise, spear-phishing, and credential phishing attacks.