How to use the power of your brand to fight eSignature phishing scams
In the world of cyber fraud, phishing remains one of the most successful and frequently used tactics to steal credentials. As enterprise security layers improve, the attack surface will increasingly center on people instead of systems making humans the weakest link in the chain. As such, emails generated by electronic signature providers are a primary target for spoofs designed to trick users into divulging personal information and login credentials.
In early 2023, security researchers at Armorblox identified a phishing scheme that spoofed Docusign emails. The malicious email cleverly bypassed cloud and in-house email security solutions and targeted over 10,000 end users across multiple organizations. Then, in late 2024, researchers at SlashNext Email Security reported an alarming increase in this Docusign phishing scheme, with 20% of the attacks impersonating government agencies.
But there is hope. For enterprises, something as simple as branding eSignature communications can be an easy but effective way to add a critical element of trust with customers.
How phishing attacks spoof branded eSignature providers
In order to invite a user to a signing session, an eSignature provider typically sends an email originating from its own domain and featuring its own branding. The fraudster exploits this strategy by sending a malicious email that looks like the official eSignature provider's email with urgent messaging prompting the user to click. They will even go as far as to manipulate the sender’s name in the email header to match the provider and may even use a valid unflagged domain to bypass security checks.
The unsuspecting recipient sees an email from an eSignature brand they know in a process they are familiar with, raising no red flags. However, clicking the email leads to a spoofed landing page where user credentials for ProofPoint, Microsoft 365, or other applications can then be readily pried away from the target.
The success of this phishing scheme depends entirely on the familiarity users place in the eSignature provider’s brand and the uniformity of their communications across their customer base. Since a notification email from one organization looks much the same as the next, fraudsters are able to launch mass phishing email campaigns like the Docusign attacks identified by Armorblox. The approach virtually lulls the unsuspecting consumer to sleep.
Protect your brand by white labeling
With a white-labeled eSignature solution, such as OneSpan Sign, enterprises can put their own brand front and center, limiting the appeal for would-be fraudsters. By customizing the content, colors, logo, and other elements of your organization’s emails, you can create a unique style that would require too much individual effort to make the scam worth it for nefarious characters. Blanket phishing campaigns that mirror the branding of a known third party, however, are able to reach a much larger pool of targets.
At OneSpan, we don’t stop at white labeling. OneSpan Sign can also be integrated into your email servers to enable all communications to be sent exclusively from your domain. This creates an additional layer of trust and consistency in your process ultimately leading to higher completion rates and faster time to completion for customer and revenue-generating business workflows.
If the same phishing attack were attempted against users of a OneSpan Sign customer, the user would be far more likely to pause before clicking any links. This is because the email would have originated from the wrong place, include the wrong branding, and feature a logo the user does not recognize. Since phishing depends on the perception of legitimacy and an urgent call to action, raising the suspicions of the reader can mean the difference between an unfortunate click and a reported phishing attempt.
Discover more ways to fight phishing
Phishing scams that imitate eSignature request emails are not new and will continue to increase in prevalence, as we’ve seen with recurring Docusign phishing campaigns. White labeling your email communications is a good first step to protecting your employees, customers, and business partners.
Learn more about how to protect your brand from eSignature phishing scams.
Datasheet
eSignature Security Checklist
Simplify your eSignature evaluation with this summary checklist. It contains more than 20 security requirements to look for across 6 categories.
Download now
