Earlier this week, DocuSign confirmed that one of their systems was temporarily accessed by hackers, and that email addresses were stolen.
DocuSign also confirmed “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
DocuSign has 200 million users in 118 countries, and has not yet confirmed how many emails were stolen.
As a result, phishing emails are being sent to these stolen addresses, and it seems they look like they were sent via DocuSign. These emails are designed to incite users to click on malicious links or to download infected documents which can install malware into users’ computers.
Legitimate DocuSign emails come from @docusign.com or @docusign.net email addresses.
DocuSign is asking users to forward any suspicious related email to email@example.com, and then delete them from your computer.
Emails may appear suspicious because:
- You don’t recognize the sender;
- You weren’t expecting a document to sign;
- They contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com);
- They contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
Emails with the following subject lines have already been identified as malicious. There may be more out there, or new ones being sent:
- “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature”;
- “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”;
- “Legal acknowledgement for <person> Document is Ready for Signature” sent from firstname.lastname@example.org
It is expected that these phishing emails will keep on being sent for some time to come.
For more information and regular updates please visit: https://trust.docusign.com/en-us/