TJT has become aware of a spam/phishing campaign targeting TJT clients. The message, sent yesterday morning, had a subject line of “Docu Sign” and contains the following:
“A docusign transmission has been sent to you and it has been converted to PDF and you can view a copy in the attachment. Please see attached for copy of docusign HERE”
If you come across this message, please delete it immediately.
The link in the fake email takes you to a sign in page requesting an email address and password, and then another email address. After submitting this information you are told “invalid password”, and nothing else is requested. The email also contains a signature/footer with a TJT employee’s name and our our website address.
Our investigation has determined that TJT’s network has not been compromised, and no client data is at risk. The attacker simply registered a new email account with a provider such as Gmail and specified the name of one of our employees when setting up the account. The goal of this attack was to steal usernames and passwords from our clients for their Gmail/Hotmail/etc email accounts, to be used for further malicious purposes.
Please be aware, TJT uses Citrix Sharefile and Citrix RightSignature for secure document transfer and e-signing. You will not receive secure documents or signature requests from TJT through any other service, so please be extremely cautious when approaching anything claiming to be from us that says otherwise.
For organizations wishing to learn more about how to train employees to spot malicious email attacks, TJT Information Security Services can provide both on-site and web-based training sessions. For more information please contact Drew Green, Director of Security Services.