DocuSign has announced that it recently detected an increase in phishing emails sent to some of its customers and users. The company is posting alerts on the “DocuSign Trust Site” and on social media, and has offered a list of steps its users can take to ensure the security of their email and systems.
DocuSign has 12 of the top 15 U.S. financial services companies as customers, according to a report from Reuters.
"Some DocuSign users began receiving phishing emails after hackers temporarily breached a company database containing customer email addresses, and the electronic signature service is advising customers to take specific steps to ensure the security of their systems," DocuSign said.
The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. In response to those incidents, the company confirmed that its core eSignature service, envelopes and customer documents remain secure.
During its ongoing investigation into the incident, the company discovered that a “malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”
“A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed,” DocuSign wrote on its website. “No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
DocuSign has since prohibited unauthorized access to the system and put other security controls in place. The company also stated that it is working with law enforcement agencies in its investigation.
DocuSign recommends that its customers, “[o]ut of an abundance of caution as a trusted brand and to protect you from any further phishing attacks against your email,” take the following steps to ensure the security of their email and systems:
- Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
- Forward any suspicious emails related to DocuSign to [email protected], and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
- Ensure your anti-virus software is enabled and up to date.
- Review DocuSign’s whitepaper on phishing, available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf
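
The subject-line and link checks from the list above, written as mail-triage logic. This is an added example, not DocuSign's code, and it goes beyond the tip's wording by comparing the parsed host rather than the URL prefix, because a lookalike host can begin with the trusted string. The function names, the regex reading of the bracketed subject placeholders, and the sample messages are assumptions.

```python
import re
from urllib.parse import urlsplit

# Subject lines quoted in the advisory; bracketed parts are treated as variable (assumption).
CAMPAIGN_SUBJECT = re.compile(
    r"^Completed:?\s+\S.*?\s[–-]\s"
    r"(?:Wire transfer for|Accounting Invoice)\s.+\s"
    r"Document Ready for Signature\.?$",
    re.IGNORECASE,
)
# The only link origins the advisory treats as expected.
TRUSTED_HOSTS = {"www.docusign.com", "www.docusign.net"}


def link_is_trusted(url: str) -> bool:
    """Compare the parsed scheme and host, not the leading characters."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return parts.scheme.lower() == "https" and host in TRUSTED_HOSTS


def naive_prefix_check(url: str) -> bool:
    """Literal 'starts with' reading of the tip, kept only for contrast."""
    return url.startswith(("https://www.docusign.com", "https://www.docusign.net"))


def triage(subject: str, links: list) -> list:
    """Return the reasons a message should be forwarded and deleted."""
    reasons = []
    if CAMPAIGN_SUBJECT.match(subject.strip()):
        reasons.append("subject matches campaign pattern")
    reasons += [f"untrusted link: {u}" for u in links if not link_is_trusted(u)]
    return reasons


# Constructed sample messages; example.net and example.org are placeholder domains.
SAMPLES = [
    ("Completed: example.org – Wire transfer for j.doe Document Ready for Signature",
     ["https://www.docusign.com.example.net/sign"]),
    ("Completed example.org – Accounting Invoice 123456 Document Ready for Signature",
     ["https://www.docusign.com@example.net/doc"]),
    ("Please review the Q2 contract", ["https://www.docusign.net/Signing/start"]),
]

if __name__ == "__main__":
    for subject, links in SAMPLES:
        print(triage(subject, links) or "no indicators")
```

Both constructed lookalike links pass `naive_prefix_check` but fail `link_is_trusted`, which is why the comparison is done on the parsed host.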
DocuSign has reiterated that its eSignature system remains secure, and its users and their customers “may continue to transact business through DocuSign with trust and confidence.”
For updates and more information, visit the DocuSign Trust Site where the company states it will post any new information as it becomes available. Email questions to [email protected] or call 800-379-9973.