In early May, DocuSign confirmed one of their systems was temporarily accessed by hackers and email addresses were stolen.
According to DocuSign, “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.” In addition, “no content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
However, the popular e-signature tool, used by an estimated 13,000 of our members, has not yet confirmed how many emails were stolen.
Who is potentially affected?
If you have signed up for a DocuSign account, you could be at risk. This includes direct DocuSign customers, those who signed a document and elected to open a DocuSign account or someone who signed up for a DocuSign freemium account via DocuSign.com, through a partner integration or the DocuSign mobile client.
How are you at risk?
Cybercriminals who have the email addresses know DocuSign users are more likely to expect and open emails from DocuSign or to click on links within the emails. They will use this information to send phishing emails designed to look like they are sent by DocuSign in order to entice users into clicking on malicious links or downloading infected documents, which can install malware on users’ computers. Emails may appear suspicious for any of the following reasons:
- You don’t recognize the sender.
- You weren’t expecting a document to sign.
- They contain misspellings (like docusgn.com or @docus.com).
- They contain an attachment or direct you to a link that starts with anything other than docusign.com or www.docusign.net.
Emails with the following subject lines have already been identified as malicious. Keep in mind, there may be more or new ones out there:
- “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature.”
- “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
- “Legal acknowledgement for <person> Document is Ready for Signature” sent from email@example.com.
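An added example, not part of the original advisory or any DocuSign tooling: a small Python triage function a mail administrator could run over a message to apply the warning signs listed above. It compares the parsed link hostname against docusign.com and docusign.net instead of testing how the link text starts, so a host such as docusign.com.signing.example is still flagged; the sample messages, and reusing the same two domains for the sender check, are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Legitimate domains per the advisory; reusing them for senders is an assumption.
TRUSTED = ("docusign.com", "docusign.net")
# Patterns built from the three malicious subject lines quoted in the advisory.
BAD_SUBJECTS = [re.compile(p, re.I) for p in (
    r"^Completed:? .*Wire transfer for .* Document Ready for Signature",
    r"^Completed:? .*Accounting Invoice .* Document Ready for Signature",
    r"^Legal acknowledgement for .* Document is Ready for Signature",
)]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_trusted(host):
    """Exact domain or a true subdomain; a string-prefix test is not enough."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def body_text(msg):
    """Concatenate every text part so links in HTML and plain parts are seen."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return the advisory's warning signs found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_is_trusted(sender):
        findings.append("sender domain: " + sender)
    if any(p.search(msg.get("Subject", "")) for p in BAD_SUBJECTS):
        findings.append("subject matches a reported malicious pattern")
    for url in URL_RE.findall(body_text(msg)):
        host = urlsplit(url).hostname
        if not host_is_trusted(host):
            findings.append("link host: " + str(host))
    return findings

# Constructed sample messages (not real captures).
PHISH = ("From: DocuSign <sender@docusgn.com>\nSubject: Completed: example.org - "
         "Wire transfer for recipient-name Document Ready for Signature\n\n"
         "Review: http://docusign.com.signing.example/view\n")
LEGIT = "From: DocuSign <sender@docusign.net>\nSubject: Please sign\n\nOpen https://www.docusign.net/Signing/abc\n"
```

A From header can be forged, so an empty result from the sender check is not proof that a message is genuine; the link and subject checks still apply.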
Why is this a big deal?
Since the email addresses have already been compromised, it’s expected users will be targeted with a variety of phishing emails for some time to come.
What should you do?
- Forward any suspicious emails related to DocuSign to firstname.lastname@example.org and then delete them from your computer.
- When in doubt, access your documents directly by visiting docusign.com and entering the unique security code included at the bottom of every legitimate DocuSign email. According to DocuSign, it will never ask recipients to open a PDF, Office document or Zip file within an email.
- Ensure your anti-virus software is enabled and up-to-date.
More information on how to protect yourself from phishing scams can also be found by visiting: