DocuSign Warns of Fraudulent Emails (5/16/17)
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.
The email subject reads: "Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature” and contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.
Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.
Please remember to be particularly cautious if you receive an invitation to sign or view a Document you are not expecting. If you have received a copy of the above email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the email to email@example.com and then immediately delete the email from your system.
If you have reason to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email.
For further advice on how to recognize malicious emails and how to protect yourself you can visit DocuSign's Trust Center here.
As a leader in online eSignature security and compliance, DocuSign has a zero-tolerance policy for this type of malicious email and is fully prepared to ensure minimal impact to our customers and company. As we’ve seen, this type of malicious activity is becoming more common, especially to organizations with established, trusted brands. Please note that this malicious activity has no relation to any activity DocuSign is involved.