Phishing Emails - How to Protect Your Business

Security & Legality |  January 26, 2018 Rahim Kaba
Phishing Emails

According to a PhishLabs report, phishing emails are on the rise and more sophisticated than ever before. Phishing campaigns trick consumers into clicking on malicious links to provide confidential information to cybercriminals. The rise of web service impersonation attacks involve fake websites and emails that prompt people to log in and give up their login credentials to criminals. Stolen credentials are then used by the attackers to log in to other online services (e.g., email) as a launch pad for other email phishing campaigns that can include, for example, requests to transfer money to a fraudulent account. Vendors like DocuSign are under constant attack by scammers, who send spoof emails purportedly from the vendor’s e-signature service. DocuSign is a prime target for malicious and voluminous phishing attacks because of the widespread usage of its brand across its e-signature service and email notifications. If these types of spoofing techniques end up reaching your end consumer, it could lead to malware (such as ransomware) and exploit the consumer’s identity and personal information, and ultimately have negative implications on your business.

Protect Your Brand & Your Customers Against Phishing Emails

As a business, you’ve invested a lot of money to build and promote your brand. Your brand matters because it represents the essence of what your company stands for. A negative experience related to your brand however can quickly lead to customer churn, low adoption and ultimately impact your company’s bottom line. The Human Factor Report describes advanced cyberattacks that focus on exploiting credentials. The figure below extracted from this report outlines the effectiveness of phishing emails that were based on web services such as DocuSign, OneDrive and DropBox. Email click-through rates are alarmingly high. Each click means that the attacker is one step closer to obtaining and exploiting confidential customer information. So, what can a company do to protect its customers and its reputation? As a pioneer in the e-signature market delivering solutions to for over 25 years, we understand the importance of ensuring your consumers have a trusted journey through the entire digital transaction. The advice we give to our customers is to white-label the entire e-sign experience. You should be able to put the spotlight on your brand to ensure an uninterrupted transition between your branded application and the e-sign application. Industry best practices have shown that a seamless, fully branded transaction reinforces the customer’s trust and encourages high adoption rates. If you’re using an e-signature solution where the vendor’s logo and brand are a prominent part of the e-signature experience, your consumer will logically create an association between your company and the e-signature vendor. If the vendor, for example, experiences a security or data breach, even though it is completely unrelated to your business, it could very well have a spillover effect that can affect your company by association. Furthermore, a vendor-branded e-sign experience puts your consumers at risk. When a client of yours is the recipient of a phishing scam, its main goal is to exploit their identity and personal information. If achieved, it will impact their perception of and trust in your business and can cause them to rethink their relationship with you.

phishing docusign

Decrease the Vulnerability of Attacks with White-Labeling

When evaluating e-signature solutions, make sure that your vendor has your best interests at heart and is invested in your success. If a vendor won’t completely give up their brand, consider that a red flag. Unlike other e-signature providers that insist that their brand is front and center within your application, eSignLive by VASCO enables you to fully white-label the experience – removing all traces of our logo and brand in the transaction. Whether your signing experience is initiated via an email notification or directly within a web portal or mobile app, eSignLive lets you white-label every aspect of the e-signature process. This is the #1 thing you can do to protect your brand and your customers, and deter sophisticated scammers from making you their next target. Look for an e-signature provider that enables you to:

  • Integrate with your own email servers to allow emails to be sent from your domain (e.g., instead of theirs (e.g., sent via [insert vendor name])
  • Customize the content and look-and-feel of email notifications
  • Customize the colors, logo and the visibility of elements such as headers, navigation bars, footers, etc.
  • Customize dialog boxes and error messages

Trusted Digital Transactions

Some of the world’s most security-conscious organizations have put their trust in eSignLive for digital transactions that ultimately touch the end consumer. Your trust and the security of your transactions is our top priority. As a subsidiary of VASCO Data Security (NASDAQ: VDSI), we have decades of experience delivering e-signature and authentication solutions to organizations around the world. We believe that our 25+ years of experience in the IT security segment is a real asset to our employees, partners and customers – who can transact digitally using our solutions with trust and confidence.  

Subscribe to Our Blog

I would like to receive communications from OneSpan and consent to the processing of my personal data. I understand I may unsubscribe at any time.

To view how we process and manage your personal information, please visit our Privacy Policy