Bay Area IT Support & IT Services

The Intivix Blog

Business IT Articles, News and Tips

Targeted Malware Campaign Stems From DocuSign Breach

DocuSign Breach

San Francisco-based DocuSign, has recently admitted that they have been successfully targeted by hackers. An alert posted to the company’s website states that a “non-core system” has been breached, resulting in the theft of client email addresses. A complete forensic analysis was conducted, and DocuSign was able to confirm that the email addresses were the only information that was accessed. Client personal data, passwords, and client documents are still secure.

Armed with these email addresses, hackers have rolled out a malicious email campaign with the subject line “Completed: – Wire Transfer Instructions for recipient-name Document Ready for Signature.” These emails provide the target with a link to a downloadable Word document that contains malware.

DocuSign Campaign

This campaign came to the attention of DocuSign earlier this month, but at the time the company believed that the hackers were simply using DocuSign branding and headers in their emails. With the discovery of the breach, it’s now clear that the hackers are targeting DocuSign clients specifically.

As with any malicious email campaign, there are signs to watch out for when checking your inbox that will tip you off to a suspicious message. In this particular case, DocuSign advises clients to keep an eye out for any email that:

  • Comes from an unfamiliar sender
  • Arrives when you are not expecting a document in need of your signature
  • Contains spelling errors, such as or
  • Directs you to a link that starts with anything other than or
  • Asks you to open a PDF, Office document, or ZIP file

If you are expecting a document from DocuSign, as a precaution, avoid clicking on the link provided in the email. Instead, go directly to the DocuSign website and access your document there using the unique security code provided at the bottom of each legitimate email. DocuSign is asking that anyone who receives a suspicious email forward it to [email protected] and then delete the message.

The Ideal Cover for a Hacker

DocuSign boasts more than 100 million clients.  This makes them an ideal cover for hackers looking to pull off a successful phishing scam. Now that hackers have gotten their hands on client email addresses. This is just the first malicious campaign that will target DocuSign users.  Continue to use caution when checking your inbox.  Never hesitate to raise the alarm if you come across an email that seems at all suspicious. Where cyber crime is concerned, it’s always better to be safe than sorry.

Want to learn more about the steps you can take to protect your business against phishing scams or other cyber threats? Contact Intivix at [email protected] or (415)-549-9681. We’re the cyber security experts in the Bay Area that you can trust.