Fight phishing with the power of your own brand

OneSpan Team,

In the world of cyber-fraud, phishing remains one of the most successful and frequently used tactics to steal credentials.  Sadly, as enterprise security layers improve, the attack surface will increasingly center on people instead of systems. In short, humans have become the weakest link in the chain.  As such, the emails generated by electronic signature providers have become a primary target for spoofs designed to trick users into divulging personal information and login credentials. 

Case in point, security researchers at Armorblox identified a phishing scheme that spoofed a common workflow email from a leading e-signature provider. The malicious email cleverly bypassed cloud and in-house email security solutions alike and targeted over 10,000 end users across multiple organizations. 

But there is hope. Something as simple as branding e-signature communications can serve as an easy but effective way to add a critical element of trust with customers. 

Phishing Attacks Spoof Heavily Branded eSignature Providers 

Here’s how the scam works. In order to invite a user to a signing session, an e-signature provider typically sends an email originating from its own domain and selfishly features its own branding. The fraudster exploits this strategy by sending a malicious email that looks in every way like the official email with urgent messaging prompting the user to click. The fraudster will even go as far as to manipulate the sender’s name in the email header to match the provider, even using a valid unflagged domain to bypass security checks. 

The unsuspecting recipient sees an email from an e-signature brand they know in a process they are familiar with, raising no red flags. Clicking the email leads to a spoofed landing page where user credentials for ProofPoint, Microsoft 365, or other applications can then be readily pried away from the target. 

The success of this phishing scheme depends entirely on the familiarity users place in the e-signature provider’s brand and the uniformity of their communications across their entire customer base. One notification email from one organization looks much the same as the next, providing an opportunity for fraudsters to launch mass phishing email campaigns like the one identified by Armorblox. The approach virtually lulls the unsuspecting consumer to sleep. 


How White-Labeling Stops This Phishing Scenario 

With a white-labeled electronic signature solution, such as OneSpan Sign, the business can put its own brand front and center, limiting the appeal for would-be fraudsters. By customizing the content, colors, logo, and other elements of your organization’s emails, you can create a unique style that would require too much individual effort to make it worth the effort for nefarious characters.  Blanket phishing campaigns that go after a much larger pool of targets branded by the e-signature provider are far more fertile ground. 

But we don’t stop there.  OneSpan Sign can also be integrated into your email servers to enable all communications to be sent exclusively from your domain. This creates an additional layer of trust and consistency in your process while also leading to higher completion rates and faster time to completion for customer and revenue-generating business workflows. 

If the same attack were attempted against the users of a OneSpan Sign customer, they would be far more likely to take pause. The email would have originated from the wrong place, include the wrong branding, or feature a logo the user does not recognize. Phishing depends upon the perception of legitimacy and an urgent call to action that demands an immediate click. If you can raise the suspicions of the reader, it can mean the difference between an unfortunate click and a reported phishing attempt. 

Discover More Ways to Fight Phishing 

This phishing scheme to imitate electronic signature process emails is not new and it is increasing in prevalence. Check out this blog article from May 2022, “Phishing: Attackers Use E-Signature Software to Send Emails with Malicious Links” to learn more about these attacks as well as additional ways to protect your customers and business partners.

Direct to Consumer Car Insurance
Case Study

Direct-to-Consumer Car Insurance

Insurer sees 23% higher form completions after replacing DocuSign

Download PDF

The OneSpan Team is dedicated to delivering the best content to help you secure tomorrow's potential. From blogs to white papers, ebooks, webinars, and more, our content will help you make informed decisions related to cybersecurity and digital agreements.