Banking scam uses Docusign phish to thieve 2FA codes
It's easy to forget that the "obviousness" of many scam emails comes from the fact that the crooks never intended those scams for us in the first place.
We received a phish this morning that specifically targeted one of the main South African banks.
There's no possible reason for any crook to associate Sophos Naked Security with that bank, let alone with an account in South Africa.
It's not a contract, so there's nothing to identify the person at the other end, or to reveal what the document is about, so the Docusign link is actually a red herring, though it does add a sense of legitimacy-mixed-with-curiosity into the scam.
We didn't try calling it, but we don't doubt that if you were to do so, the phone would be answered by someone claiming to be from the very bank against which this scam is being worked.
Copying the look-and-feel of a brand's website is easy, but hacking into that brand's own servers to run the scam is much harder.
News URL
https://nakedsecurity.sophos.com/2021/10/26/banking-scam-uses-docusign-phish-to-thieve-2fa-codes/