SECURITY ALERT: Phishing scam spoofs Docusign transmission

Please be aware the CSIT has received a number of reports from faculty and staff of a new phishing scam targeting NWU accounts.  This particular variant has managed to evade the security filters on our Office 365 tenancy, so you may see it in your Inbox.

The instances of this scam which we have seen to date appear all to have been generated from a single compromised email account.  The sender address is "brnwalker [at] cn.edu (brnwalker[at]cn[dot]edu)" and the subject line of the message is "Your document has been completed."  The body of the message purport to be a message sent via Docusign and directs the message recipient to click on the embedded link to receive a document.  The styling of the message content is lifted from legitimate Docusign alerts.

Should you receive a message such as this in your mailbox, please delete it immediately.  It can be exposed as a fraud by simply hovering your mouse cursor over the embedded link and revealing that the target URL is not within the Docusign domain. In this case, the target URL for the scam has already been taken down, so following the link will only result in a browser notice that the page is no longer available.  In general, however, please use extreme caution when handling any email messages with embedded URLs, particular if the message is from an account you do know recognize and if the message is not something you are expecting.

Steve