A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit by using the Docusign infrastructure. Prime example of an info grabbing phish that does not use a malicious payload.
Look Mom, No Malware!
Clicking on the yellow "Review Document" button gets you to—again an entirely legit—Docusign page, which requires you to fill out the form as per the normal process. I broke it up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.
Continuing to fill out the form allows the bad guy to completely steal the identity of the victim—and the company identity— especially if they are gullible enough to add the "past three most recent bank statements". Circled.
If someone in accounting would fall for this attack, the damage could be extensive to a point of bankruptcy for a small business that gets hit hard with the potential repercussions.
Identify those high-risk employees and step them through new-school security awareness training!