Award Winning San Francisco IT Services

Tech Elite

San Francisco-based DocuSign, a major provider of electronic signature technology, has recently admitted that they have been successfully targeted by hackers. An alert posted to the company’s website states that a “non-core system” has been breached, resulting in the theft of client email addresses. A complete forensic analysis was conducted, and DocuSign was able to confirm that the email addresses were the only information that was accessed. Client personal data, passwords, and customer documents are still secure.

Armed with these email addresses, hackers have rolled out a malicious email campaign with the subject line “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” These emails provide the target with a link to a downloadable Word document that contains malware.

This campaign came to the attention of DocuSign earlier this month, but at the time the company believed that the hackers were simply using DocuSign branding and headers in their emails. With the discovery of the breach, it’s now clear that the hackers are targeting DocuSign customers specifically.

As with any malicious email campaign, there are signs to watch out for when checking your inbox that will tip you off to a suspicious message. In this particular case, DocuSign advises clients to keep an eye out for any email that:

  • Comes from an unfamiliar sender
  • Arrives when you are not expecting a document in need of your signature
  • Contains spelling errors, such as docusgn.com or docus.com
  • Directs you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net
  • Asks you to open a PDF, Office document, or ZIP file

If you are expecting a document from DocuSign, as a precaution, avoid clicking on the link provided in the email. Instead, go directly to the DocuSign website and access your document there using the unique security code provided at the bottom of each legitimate email. DocuSign is asking that anyone who receives a suspicious email forward it to spam@docusign.com and then delete the message.

DocuSign boasts more than 100 million customers, making them an ideal cover for hackers looking to pull off a successful phishing scam. Now that hackers have gotten their hands on customer email addresses, it’s all but guaranteed that this is just the first malicious campaign that will target DocuSign users with this information. Continue to use caution when checking your inbox, and never hesitate to raise the alarm if you come across an email that seems at all suspicious. Where cyber crime is concerned, it’s always better to be safe than sorry.

Want to learn more about the steps you can take to protect your business against phishing scams or other cyber threats? Contact Intivix at sales@intivix.com or (415) 543 1033 . We’re the cyber security experts businesses in San Francisco trust.