Cyber Experts Share Tips to Avoid AI Phishing Scams
Kurt Knutsson, known as ‘The CyberGuy,’ offers practical advice on steering clear of AI-generated phishing scams. Recently, there’s been news about North Korean operatives masquerading as IT workers to siphon funds for the country’s nuclear initiatives.
We often sign documents online without a second thought. A DocuSign request pops up in our inbox, we click the link, and life goes on. However, this habitual convenience is precisely what scammers are banking on. One reader recently shared her eye-opening experience. The email seemed to come from a medical licensing authority, requesting her to review documents for her license renewal.
Susie, a registered nurse from Florida, almost fell prey to the scam. She recounted her story:
“I’m due for my semi-annual renewal. Last month, I got an unexpected email from the state board of health with DocuSign documentation. Despite having used DocuSign many times, something felt off. I checked with them and learned it was a scam. I reported the email for phishing. Thanks to your advice, Kurt, I doubted its authenticity. Nurses, be cautious!”
Susie’s diligence aligns perfectly with expert recommendations—she paused to evaluate her messages before clicking. That simple action can halt a phishing attack before it starts.
Scammers Exploiting DocuSign Emails for Fraud
Scammers are increasingly using DocuSign emails as bait for Apple Pay fraud. Security experts warn that these phishing attempts prey on our everyday online behaviors to capture passwords and access personal accounts.
Recognizing Suspicious DocuSign Emails
Susie provided a screenshot of the email, which initially appeared genuine. The blue layout mimicked a real DocuSign notification, complete with a prominent “Review Document” button. However, one detail raised a red flag: the sender’s email address didn’t match the U.S. health department.
Why These Scams Are Effective
DocuSign is widely used by businesses and government bodies, making such requests commonplace. Scammers take advantage of this expectation, often creating a false sense of urgency, like claiming immediate action is necessary for license or contract renewals. Clicking on the links can lead to a range of malicious actions:
- You might end up on a fake login page aimed at stealing your credentials.
- Malicious files could be downloaded to your device.
- Links may lead to multiple phishing sites.
The ultimate goal is often to acquire your email credentials for fraud or account takeover.
Spotting Red Flags in DocuSign Emails
A few warning signs can help identify fraudulent requests:
Check the Sender’s Address
Always examine the sender’s domain. A message sent from a foreign educational institution’s domain is rarely a legitimate communication from a government agency.
Unexpected Documents
Legitimate requests usually pertain to known transactions. Unexpected attachments should always raise suspicion.
Pressure to Act Quickly
Phishing emails often contain a call to immediate action—take a moment to think before clicking.
Vague Document Descriptions
If the email merely states that a document is available for review, it lacks the detail you would expect from a genuine request.
Risks of Clicking Links
Many individuals believe they can spot fake pages, but phishing sites often look remarkably real. Once credentials are entered, attackers can:
- Reset passwords for financial accounts.
- Send phishing emails to your contacts.
- Access confidential documents in your inbox.
If you’re in healthcare, such compromises could also endanger patient information.
How to Protect Yourself from Phishing Scams
Here are some effective habits to lower your risk:
1) Verify Requests Independently
If an email claims to be from a government entity, reach out directly using a known contact method—not the information provided in the suspicious email.
2) Hover Over Links
Mouse over any link to check its true destination. If it seems sketchy or unrelated to DocuSign, avoid clicking.
3) Employ Strong Antivirus Software
Refrain from clicking links in suspicious emails, and use robust antivirus solutions to block malicious content.
4) Consider Data Deletion Services
Scammers often use public information to craft believable emails. Reducing your online footprint can make you a less appealing target.
5) Access Documents Through Official Accounts
If you rely on DocuSign, log in directly to check for pending documents, which helps you bypass potential email traps.
6) Report Phishing
Forward any suspicious emails to your organization’s security team or report them to the FTC’s Phishing Reporting System. Your actions can protect others.
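The sender-domain and link-destination checks described above can also be automated by a mail administrator. The following is an added example, not code from the article: the trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as genuine DocuSign infrastructure for this example.
TRUSTED = ("docusign.com", "docusign.net")

# Constructed sample message (not the email from the article).
SAMPLE = """\
From: "State Board of Health via DocuSign" <notices@mail.university.example>
To: nurse@example.org
Subject: Action required: review license renewal documents
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review your document.</p>
<a href="https://docs-review.example/login?id=123">Review Document</a>
<a href="https://www.docusign.com/trust">About DocuSign</a>
</body></html>
"""

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return findings for sender-domain and link-destination mismatches."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not DocuSign: {sender_domain}")
    # Collect HTML parts (payloads are used as-is, not transfer-decoded).
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/html")
    pattern = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, text in re.findall(pattern, body, re.I | re.S):
        host = urlparse(href).hostname  # the real destination, as hovering shows
        if not is_trusted(host):
            findings.append(f"link '{text.strip()}' goes to {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix match requires a leading dot, so lookalike hosts such as `docusign.com.evil.example` are not treated as DocuSign.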
Key Takeaways
Scams are effective because they blend into our daily routines. While signing documents online is now standard, that convenience also serves as a cover for criminals. Susie’s experience underlines the importance of verification. A quick call revealed the truth about that email: it was a scam.
Now, take a moment to reflect: if you were to receive a DocuSign request today, would you notice any warning signs before clicking?
