Encountering a Cyberthreat: What Should You Do, And Why Is It So Easy to Fall For?

Threats can be hard to spot. When you’re not on the lookout for what might be the entrypoint for a data breach, you’re more likely to miss it. And oftentimes, threat actors are good at reaching you when you’re vulnerable—and when you’re expecting something.

In this post, I’ll paint you a picture using a recent threat we discovered.

A Normal Day:

So you’re working on closing a large contract with a company, and you expect to hear back from them shortly. Suddenly, you get a ping as a new email enters your inbox. You tab over from the latest and greatest trends in dog-based TikToks to see what should be the email you’ve been expecting. You click the link and are brought to a DocuSign page and are prompted to put in your email.

Now let’s pump the breaks. Could something be wrong here?

Recently, our Data Science Team (DSI) encountered a threat that had embedded itself on a reputable site.

The Case:

This particular phish had breached the web infrastructure of this site, and established a falsified web page.

Our DSI team examined some of the history behind this original site, and was able to see for the most part that it looks benign. However there were some flags that led us to a slew of non-unique .ru domains and the redirect in question.

These domains included hot keywords such as “signup”, “signnow”, “counter”, and “maildrop” among others along with randomized domain names.

This is not the normal DocuSign page. This page essentially looks for unsuspecting emails/login information to get access to proper logins.  In addition, it's not typical for a cyrillic redirect to show up in your browser—unless you have that as a default language—and even from there, it’s missing a few components of a typical DocuSign login. A trusted DocuSign login page will have “Powered by DocuSign” in the lower left, an up-to-date Copyright date (this threat was found in 2022, but the date was still 2021), and some of the text in the footer is slightly different.

What Can I Do?

How can you protect yourself? Always verify your links, and always look at who’s sending the email. Sometimes it can be tricky, but when expecting something that has vital information attached, whether it be a bank statement, a document to sign, or something asking for a unique login, it may be worth going to the actual site and entering your information in a fresh browser session. An extra two minutes could save you a world of trouble later. 

We are continuing to keep an eye on this particular case, and are also looking for similar cases. 

If you have a lead, feel free to reach out! We love making your web experience safer. 

Search
  • There are no suggestions because the search field is empty.
Latest posts
An Interview With DNSFilter’s New CTO, TK Keanini An Interview With DNSFilter’s New CTO, TK Keanini

In exciting news, DNSFilter recently hired TK Keanini to fill the role of Chief Technology Officer (CTO). TK has over 30 years of experience in network security and most recently served as the Vice President of security architecture and CTO of Cisco Secure. In his new role, TK will lead product management, customer experience, engineering, and security intelligence toward ongoing innovation and growth, focusing on customer needs and feedback to d...

The Intersection of 5G, Public Wi-Fi, and Network Security: Who’s at Risk? The Intersection of 5G, Public Wi-Fi, and Network Security: Who’s at Risk?

The transition from 4G to 5G is revolutionizing the way we connect and communicate, promising unprecedented speed, capacity, and low latency. However, this evolution also brings its own set of challenges, particularly concerning network coverage and security.

Revving up the Fun: DNSFilter's IndyCar Experience Recap—Detroit Grand Prix Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap—Detroit Grand Prix Edition

This past weekend, we had the incredible opportunity to host guests at the Detroit Grand Prix. With representatives from Trace3, Guidepoint, Connection, and Judy Security, the event brought together tech experts and channel professionals for an exhilarating experience.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.