DocuSign, a major provider of electronic signature technology, has confirmed that a data breach in one of its systems is behind a series of malware-laden phishing emails targeting its users. DocuSign stresses that only email addresses were stolen; however, it noted that the situation could still be very dangerous, because affected customers may be expecting a DocuSign email and unknowingly click a link that lets malware onto their system.
The stolen addresses were enough to let attackers craft targeted e-mail campaigns with doctored branding and headers that make messages appear to carry legitimate DocuSign documents. Many of the phishing e-mails used the subject line: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The message contained a link to a downloadable Microsoft Word document that harbored malware.
DocuSign recommends that anyone receiving the suspicious e-mails forward them to the company at firstname.lastname@example.org and then delete the message.
An email may be suspicious because the sender isn't recognized, you weren't expecting a document to sign, it contains misspellings (like “docusgn.com” without an ‘i’, or @docus.com), it carries an attachment, or it directs you to a link that does not lead to https://www.docusign.com or https://www.docusign.net. Note that checking only whether a link starts with one of those strings is not enough: a hostname such as www.docusign.com.some-other-domain passes that test while belonging to someone else, so judge a link by the actual domain at the end of its hostname, not by its prefix.
Even if you are expecting a DocuSign document, don't respond to an email that looks like it's from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email.
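The indicators listed above (lookalike sender domains, links whose hostname is not really docusign.com or docusign.net, and Office/PDF/ZIP attachments) can be turned into a small triage routine. The following is an added example written for this page, not DocuSign's code or advice. It builds two constructed messages, one modelled on the campaign described above (the lookalike host names end in .example and are fictitious, as is the sender address) and one with only legitimate traits, and checks each. It also shows why a plain "starts with https://www.docusign.com" test is weak: `naive_prefix_check` accepts a link on a foreign domain that `host_is_legit` rejects. The edit-distance threshold in `host_is_lookalike` is an assumption chosen to catch the misspellings the page mentions.

```python
"""Triage a DocuSign-branded email against the page's indicators.

Added example, not DocuSign's code. Sample messages are constructed here;
hostnames ending in .example and the sender addresses are fictitious.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Domains DocuSign says legitimate links use; their subdomains are accepted.
LEGIT_DOMAINS = ("docusign.com", "docusign.net")
# File types DocuSign says it never asks recipients to open from an email.
RISKY_EXTENSIONS = (".pdf", ".doc", ".docx", ".docm", ".xls", ".xlsx",
                    ".xlsm", ".ppt", ".pptx", ".zip")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def naive_prefix_check(url):
    """The page's literal test: does the link start with an approved prefix?"""
    return url.startswith(("https://www.docusign.com", "https://www.docusign.net"))


def host_is_legit(host):
    """True only if the hostname is a legitimate domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def levenshtein(a, b):
    """Edit distance, used to spot typo-squatted labels such as 'docusgn'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_is_lookalike(host, max_distance=3):
    """Heuristic: the registrable label is within a few edits of 'docusign', or
    'docusign' is buried inside a longer foreign hostname. The threshold of 3
    is an assumption; it catches 'docusgn' (1 edit) and 'docus' (3 edits)."""
    host = host.lower().rstrip(".")
    if host_is_legit(host):
        return False
    labels = host.split(".")
    if len(labels) < 2:
        return False
    return "docusign" in host or levenshtein(labels[-2], "docusign") <= max_distance


def triage(raw_message):
    """Return a list of findings for a raw RFC 5322 message; empty means clean."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender domain. The From header is spoofable, so in production the
    #    Authentication-Results (SPF/DKIM/DMARC) header is the stronger check.
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    sender_host = m.group(1) if m else ""
    if not host_is_legit(sender_host):
        kind = "lookalike of docusign" if host_is_lookalike(sender_host) else "not a DocuSign domain"
        findings.append(f"sender domain {sender_host!r}: {kind}")

    # 2. Every link in the text parts, judged by hostname rather than string prefix.
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                parsed = urlparse(url)
                host = parsed.hostname or ""
                if not host_is_legit(host):
                    kind = "lookalike host" if host_is_lookalike(host) else "unknown host"
                    findings.append(f"link {url}: {kind}")
                elif parsed.scheme.lower() != "https":
                    findings.append(f"link {url}: DocuSign host but not https")

    # 3. Attachments of a type DocuSign says it never sends.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {name!r}: DocuSign never asks you to open this type")
    return findings


def build_phish_sample():
    """Constructed message modelled on the campaign (hyphen stands in for the en dash)."""
    msg = EmailMessage()
    msg["From"] = '"DocuSign" <dse@docusgn.com>'          # fictitious lookalike sender
    msg["To"] = "recipient@example.com"
    msg["Subject"] = ("Completed: docusign.com - Wire Transfer Instructions for "
                      "recipient-name Document Ready for Signature")
    msg.set_content("Your document is ready.\n"
                    "Review: https://www.docusign.com.review-docs.example/sign?id=1234\n")
    msg.add_attachment(b"not a real document", maintype="application",
                       subtype="msword", filename="Wire_Transfer_Instructions.doc")
    return msg.as_string()


def build_legit_sample():
    """Constructed message with only the traits the page describes as legitimate."""
    msg = EmailMessage()
    msg["From"] = '"DocuSign" <dse@docusign.net>'         # fictitious address on a real domain
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Please sign: Lease agreement"
    msg.set_content("Review document: https://app.docusign.net/Signing/EmailStart.aspx?a=abc\n"
                    "Alternate signing method: visit docusign.com and enter code ABCD-1234\n")
    return msg.as_string()


if __name__ == "__main__":
    for finding in triage(build_phish_sample()):
        print("PHISH:", finding)
    print("LEGIT findings:", triage(build_legit_sample()))
```

Run as a script, the constructed phishing sample produces three findings (lookalike sender, foreign link host, Office attachment) and the legitimate sample none. The link check is the part worth carrying into a real mail filter: compare the parsed hostname's trailing labels against an allowlist, never the string prefix of the URL.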