Technical Action Group has received reports from clients about a recent, rapid increase of phishing e-mails regarding the application DocuSign, as well as emails regarding the recent Meltdown and Spectre vulnerabilities recently made public due to the Intel and ARM chip vulnerabilities.

Phishing e-mails appear to be legitimate but are actually taking you to a fake site to get your login credentials. Oftentimes, these credentials are used for nefarious or illegal actions and you may not even realize you have given up your login credentials.

WHAT YOU NEED TO KNOW

DocuSign Phishing E-mails:
An email comes in from someone who appears to be within your organization (CEO, CFO, etc) with a DocuSign attachment with a request to “please review and sign the attachment”. When you click on it, you will be taken to an e-mail login page asking for your username and password. Once you have entered the information, you are then taken to the real site to login, so it appears you have only mistyped your information.

Meltdown / Spectre Phishing E-Mails:
A number of releases and information have been made public about Meltdown and Spectre. A great deal of effort is being expended in the industry to get these vulnerabilities patched / fixed. TAG is monitoring the updates from manufacturers and will continue to take action as fixes are released to reduce the risk associated with Intel and ARM chip vulnerabilities.

Hackers have taken advantage of the public knowledge of the Meltdown and Spectre vulnerabilities by e-mailing messages to users instructing them to install a patch to fix the vulnerabilities in Microsoft Windows. These e-mails are NOT legitimate as any patches / fixes would come from Microsoft and installed through Windows updates.

Microsoft, Apple and hardware manufacturers do not send e-mails to users directly regarding these patches.

WHAT YOU NEED TO DO

If you receive a DocuSign email described above, contact the sender directly, by separate email (do not reply to the email you received) or phone to confirm the legitimacy of the email. If it is not legitimate, delete the email from your inbox, and deleted items immediately.

If you have received a phishing e-mail from anyone AND you entered your login information on a website, it’s imperative that you do the following immediately:

  1. Save your open documents and shut down your computer in order to prevent the spread of a potential virus that may have been introduced.
  2. Contact your IT provider immediately and ask them to check your computer for viruses and have your e-mail password changed.
  3. Circulate this email to your staff and colleagues so they take extra precautions before opening email attachments they aren't expecting.

At TAG, our clients' IT security is of paramount concern to us and while we do everything we can to protect you from the nefarious actions of cybercriminals, security is a combined effort. As always, please be cautious when clicking links in e-mails and attachments. If you are not expecting an e-mail with instructions from someone, make sure to verify its legitimacy before opening the link or attachment to be sure the content is being sent intentionally from the user.

If you have any questions, please contact our support staff at 416-489-6312.