DocuSign, the leader in electronic signature technology, released a statement that a database of customer emails was breached and used in a phishing campaign that began last week. The company has been posting alerts on their DocuSign Trust Site.
The phishing emails were designed to look like they were sent by DocuSign and had subject lines that said “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” or “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.” Word Document attachments in the emails installed malware if opened.
In the statement, DocuSign assured customers that its eSignature service, including the email "envelopes" and customer documents that SkyOne sends to members, remains secure, but said that hackers were able to access customer emails through a “non-core” system that the company uses to send service-related announcements.
DocuSign added that only emails were stolen and that other sensitive information, including names, physical addresses, passwords, social security numbers, credit card data and documents sent through the eSignature system, was not accessed.
The company has put further security controls in place and is working with law enforcement agencies.
To protect yourself, DocuSign recommends you do the following:
- Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
- Forward any suspicious emails related to DocuSign to firstname.lastname@example.org, and then delete them from your computer. An email may be suspicious if you don’t recognize the sender, you weren’t expecting a document to sign, or it contains misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contains an attachment, or directs you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
- Ensure your anti-virus software is enabled and up to date.
- Ensure you have installed the latest software patches, which fix security vulnerabilities and other bugs, and improve the performance of your computer.
- Review DocuSign's whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf
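For mail administrators, the warning signs listed above can be checked automatically. The following Python sketch is an added example, not code from DocuSign or SkyOne; the function names, the 0.8 similarity cutoff and all sample values are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts behind the only two link prefixes the advisory treats as legitimate.
TRUSTED_HOSTS = {"www.docusign.com", "www.docusign.net"}
BRAND_DOMAINS = {"docusign.com", "docusign.net"}
# The two subject lines quoted in the advisory; bracketed parts become wildcards.
CAMPAIGN_SUBJECTS = [re.compile(p) for p in (
    r"^Completed: .+ [-\u2013] Wire transfer for .+ Document Ready for Signature$",
    r"^Completed .+ [-\u2013] Accounting Invoice .+ Document Ready for Signature$",
)]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookalike(host: str) -> bool:
    """Near-miss of a brand domain, e.g. docusgn.com or docus.com (0.8 is an assumed cutoff)."""
    base = ".".join(host.lower().split(".")[-2:])  # naive: no public-suffix handling
    return base not in BRAND_DOMAINS and any(
        SequenceMatcher(None, base, b).ratio() >= 0.8 for b in BRAND_DOMAINS)

def triage(msg: EmailMessage) -> list[str]:
    """Return the advisory's warning signs that this message shows."""
    reasons = []
    if any(p.match(str(msg["Subject"] or "")) for p in CAMPAIGN_SUBJECTS):
        reasons.append("campaign-subject")
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if lookalike(sender):
        reasons.append("lookalike-sender:" + sender)
    for part in msg.walk():
        if part.get_filename():
            reasons.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                u = urlsplit(url)
                # Compare the parsed host: a startswith() test on the raw string
                # would accept "https://www.docusign.com.<anything>".
                if u.scheme.lower() != "https" or (u.hostname or "") not in TRUSTED_HOSTS:
                    reasons.append("untrusted-link:" + (u.hostname or url))
    return reasons

def make_msg(sender, subject, body, attachment=None) -> EmailMessage:
    """Build a constructed test message (every sample value passed in is made up)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m
```

An empty result from `triage` means none of the listed signs were found. It does not prove that a message is genuine.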
Questions? We’re here for you. Call us at 800.421.7111 or email us.