CCR Data Center, Indianapolis, Indiana, January 24, 2023 1400 hrs

This is a CTAS notification alert from CCR Technology Partners. CCR’s Security team has received new reports of cybercriminals sending counterfeit DocuSign emails in attempts infect victims with malware.

This particular ransomware scam works by sending unsuspecting targeted victims emails that appears to be legitimate DocuSign email, containing a link and HTML attachment, requesting the review and signature of a document claiming to be “remittance advice”.

The link directs to a clean, legitimate webpage, but if the targeted user opens the HTML attachment, then a blank image is opened that redirects to a hidden malicious URL and also hides the malware attack.

CCR recommends that users do not reply to DocuSign emails that were sent from someone they don’t know. DocuSign also reports that links in legitimate emails will start with https:\\ and include docusign.net. Legitimate DocuSign emails will also include a unique 32-character security code that will allow users to directly access documents on https://docusign.com, and that DocuSign will never ask users to open PDF, Office documents, or ZIP files in an email. DocuSign also asks that users submit suspicious DocuSign emails to spam@docusign.com.

The CCR CTAS Notification System was created to keep you informed of possible threats to your corporate network environment.

Call the CCR Helpdesk at (317) 842-1754 if you need further information.