The WSJ Pro Cyber newsletter is reporting today that the FIS Group CEO’s email account was compromised, including phishing attempts using what appeared to be a DocuSign portal.
eSignLive by VASCO (NASDAQ: VDSI), a leading provider of white-labelled e-signature solutions to financial and other regulated industries, commented:
“DocuSign’s business model relies on a self-serving DocuSign branding push via its notification emails, and that puts its customers and its customers’ customers at risk to malicious attacks such as the recent phishing scams. That’s why it’s important to choose a solution that enables your organization to fully white-label the signing experience so that your brand is front and center at all times. At VASCO, we embrace this philosophy and it’s a key reason why the eSignLive solution is trusted by some of the most security-conscious brands in the world,” said VASCO Director of Product Marketing, E-Signature, Rahim Kaba.
According to the WSJ Pro Cyber newsletter:
“FIS Group, an investment firm that manages some $5 billion in assets, was hit by a cybersecurity incident in which scam messages routed through a top executive’s email account instructed people to click on a malicious link…
As part of the incident, email contacts of Tina Williams received a message that notified them a document was available for review through what appeared to be a DocuSign portal. They were prompted to click on a link to access the document.
It is unclear if the website hosted malware or harvested data. The account associated with the bad link has since been suspended. Security company Sophos Ltd. said it blacklisted the link. Sophos is among companies that have blacklisted the domain associated with the link, according to VirusTotal, a service of Alphabet Inc. that tracks how files and websites are classified by anti-malware and security products.
FIS is a manager of managers, and creates funds that invest in up-and-coming equity funds…”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.