DocuSign data breach used for email phishing attacks!

Share if you likedShare on Facebook0Share on Google+3Tweet about this on TwitterShare on LinkedIn4

DocuSign is a San Francisco- and Seattle-based company that provides electronic signature technology and Digital Transaction Management services for facilitating electronic exchanges of contracts and signed documents.

DocuSign, one of the most common digital signature services, said, that a database of client emails was hacked and used in a phishing attack that began last week.

The phishing emails were meant to look like DocuSign sent them. The subject lines said “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.” And if the victim opened the attachments, malware will be installed.

DocuSign started to track the phishing campaign on its security site on May 9, although it was not until yesterday that it verified its email list had been stolen.

The company said:
“Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure. ”

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

DocuSign recommends taking the following steps to ensure the security of your email and systems:

– Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

– Forward any suspicious emails related to DocuSign to [email protected], and then delete them from your computer.

– Ensure your anti-virus software is enabled and up to date.

Share if you likedShare on Facebook0Share on Google+3Tweet about this on TwitterShare on LinkedIn4

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply