Docusign impersonation

• Rating: ★★★☆☆
• Date: 2024-09-10
• Objective: Credential harvesting
• Analyst: José Morim

This phishing email is designed to impersonate DocuSign, claiming that the recipient has a completed document ready for review. However, when the recipient clicks the "Preview Document" button, they are redirected to a credential-harvesting site.

Undelivered mail!

• Rating: ★★☆☆☆
• Date: 2024-09-10
• Objective: Credential harvesting
• Analyst: José Morim

This email falsely appears to be from the recipient's email service provider, pressuring them to click a link to retrieve undelivered mail. However, the link leads to a credential-harvesting page designed to steal their login information instead of providing the legitimate messages.

We've closed your account

• Rating: ★★★☆☆
• Date: 2024-09-11
• Objective: Credential harvesting
• Analyst: José Morim

This phishing email is impersonating Wise, falsely claiming that the recipient's account has been closed. It invites the recipient to submit an appeal to reverse the account closure, but this call to action directs them to a credential-harvesting site.

MetaMask impersonation

• Rating: ★★★☆☆
• Date: 2024-09-10
• Objective: Credential harvesting
• Analyst: José Morim

This phishing email is impersonating MetaMask, falsely claiming there has been a login to the account from an unknown location. It urges the recipient to click a button to recover their account, but this link redirects to a credential-harvesting site.

Keep up with threat insights

Threat Insights is a weekly series where we present you with analysis from samples we collect. Follow us on social media for the latest feed and cybersecurity content. Stay informed and stay safe!

---

Get more insights like this

• Follow us on social media to get a weekly update of our latest content, and don't worry—we won't spam your feed ;)
• Join our private beta and get a sneak peek at how your team will improve their security posture.