There are some Docusign phishing attempts as catalogued here at Malwarebytes.com 
How can one really tell that it is not a legitimate Docusign instead of a fake site or fake email
Looking at the true email address from section shows where the email is coming from (not the email name “from:” that you see in Outlook or other email clients)
For example: John Doe [JDoe@server2.com] In outlook one sees John Doe, not JDoe@server2.com
The email address coming from Docusign to have you sign a document should be coming from a docusign.com address if you could see the actual address that the email came from. Below are examples of outlook and Thunderbird – Thunderbird allows you to see the email one you hover over the email text (in blue)
So Coming back to why phishing is so effective (besides hiding the email address)
Above is out of Osterman Research (2021)
essentially these five items:
#1 Users lack security awareness and a way to report phishing attempts internally (within companies)
#2 The Chief Administrator is not fully onboard making phishing a #1 problem in cybersecurity that it is. (Not enough due diligence)
#3 Criminals Want more money (more than last year) Asking Grok what the estimated amount made on ransomware by cyber criminals in 2024 Ransomware: 814$million, ~51$Billion in crypto hacks, Crypto Scams 9.9$Billion, criminals earned $2Billion in darknet markets (selling services to each other), Non-crypto fraud 16.6$Billion — Altogether it is about $50-$100 Billion dollars.
#4 Phishing attacks cost less and are more sophisticated.
#5 Remote Work is hard to oversee
So what can we do to help reduce the risk from Phishing attacks? Education, Education, Education: Stop and Think – do not just click and hope. Verify first. Ask an expert if you do not know.
Contact me to create a phishing campaign to defend your employees or people that need it.
this is from one of my books:
And more :
