Beware of phishing emails related to signing documents

The Computer Security Incident Response Team (CSIRT) is aware of and currently investigating a range of new phishing attacks doing the rounds on campus, using the Adobe Sign service. Each of these emails asks you to click a link in order to sign a document.

The email will come from the address adobesign@adobesign.com – but it will include “on behalf of” someone in the sender’s line. For example:

Adobe Acrobat Sign on behalf of Joe Bloggs <adobesign@adobesign.com>

It’s important to note that Adobe Sign is a legitimate service used at UCT, but in these cases, hackers are using it to send realistic-looking phishing emails.
These requests are designed to grab your attention, and could include any of the following:

Request to sign a payment from a well-known bank. (Example: "Reminder: Waiting for you to sign Payment_Fnb.co.za")
Request to sign a contract (Example: "Revised Contract Document: Sign")
Request to sign a report (Example: "Copyright infringement report")

There are variations of the email entitled Waiting for you to sign.

What to do if you receive such an email

If the request is unexpected, don’t click the link. Instead, forward the email as an attachment to the IT Helpdesk, asking them to investigate this as a phishing incident.
If the request seems legitimate and is from someone you know, contact that person directly (via their UCT contact details or alternate contact details) to confirm that they have sent this to you and that they need you to sign.

What to do if you’ve already clicked the link

The UCT CSIRT is currently taking the required remedial steps. However, if you have already actioned such a request, and/or entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk.

Please urgently send an email to the IT Helpdesk and let them know that you provided your details. Thereafter, follow these steps:

On a device that you know to be free of malware and infection, change your UCT password immediately. For assistance with password management at UCT, visit http://icts.uct.ac.za and search for “passwords”.
Run a full anti-virus scan of your machine.

Please remember

Keep track of the latest phishing attempts on campus via the UCT Phish Bowl.
Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
Do not open attachments unless you can verify the sender and the nature of the attachment.
Don't open emails of unknown origin.
Don't click on links in emails if you cannot recognise where the link directs you.
Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. Learn more about how you can report information and cybersecurity-related issues to the UCT CSIRT.

Beware of phishing emails related to signing documents

What to do if you receive such an email

What to do if you’ve already clicked the link

Please remember

Secure your home's wireless router from vulnerabilities and threats

Take care when shopping this festive season

Beware of phishing email entitled Completed … Invoice & Remittance August 2023

Security updates and new phishing attacks

Social media scams

Wise up about who has access to your data