Fake DocuSign emails are targeting some top US contractors


  • Fraudsters are impersonating US Government agencies
  • Victims are encouraged to renew fake contracts using DocuSign
  • Attacks have spiked almost 100% in the last month

Cybersecurity researchers have found threat actors are increasingly using DocuSign impersonations to target businesses who interact with state and municipal agencies.

Research by SlashNext found attacks have spiked 98% compared to the previous two months, with hundreds of instances are being detected daily, and tactics are outpacing detection methods. Many of these are specifically impersonating government entities to exploit pre-existing trusted relationships between businesses and regulatory bodies.

Researchers found impersonations of the Department of Health and Human Services, the Maryland Department of Transportation, the State of North Carolina’s Electronic Vendor portal, the City of Milwaukee, the City of Charlotte, the City of Houston, and the North Carolina Licensing Board for General Contractors.

High stakes signatures

As with most scams, the criminals created a false sense of urgency in victims. In one instance, a North Carolina Commercial contractor received a notice that their $12 million hospital construction project was at risk of immediate shutdown due to a compliance issue. The notice demanded an $85,000 ‘emergency compliance bond’ to prevent work stoppage.

As well as the financial loss, vendors face business disruption and sensitive data loss from the false contracts.

Businesses that hold a number of government contracts may be inundated with communications and contracts, but it’s important to stay vigilant and double check emails with inaccurate pricing or industry specific terminology as an indicator of inauthenticity.

“For businesses, the most important approach to defend against these fraudulent attacks is to spread awareness within the organization, to upskill and empower all workers to identify attacks at the earliest possible stage.” said Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.

“Beyond this, it is critical that inbound communications are thoroughly screened before being presented to users, be they emails, SMS, or even old school postal and fax communications”

Related posts

Microsoft Copilot Vision is the perfect holiday shopping buddy, and it’s finally here

Quordle today – my hints and answers for Saturday, December 21 (game #1062)

NYT Connections today — my hints and answers for Saturday, December 21 (game #559)

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More