The Tech Blog Writer Podcast - Inspired Tech Startup Stories & Interviews With Tech Leaders, Entrepreneurs And Innovators

In this episode of The Tech Talks Daily Podcast, I speak with Michael Tyler from Fortra to uncover the details behind a phishing campaign that exploited USign’s e-signature platform. Fortra recently discovered how cybercriminals leveraged USign’s trusted domain to bypass email security gateways, highlighting the growing challenges related to the "living off trusted services" (LOTS) tactic used by attackers. This phishing campaign exposed vulnerabilities within platforms often regarded as safe by email filters, demonstrating how easily attackers can exploit trusted services. Cybercriminals disguised fake USign documents as HR notifications, tricking victims into entering passwords instead of signatures. By using USign’s strong sender reputation, these malicious emails were able to bypass traditional email security measures, making them harder to detect. The attack even showed signs of being generated with AI language models, adding another layer of sophistication. We dive deeper into the LOTS tactic, where att