Skip to main content
  1. Home
  2. Computing
  3. News

DocuSign customers are now prime phishing targets after a recent data breach

Mark Coppock
By

exploit
Image used with permission by copyright holder
When it comes to our technology, It seems like we’re under constant attack lately. From the recent massive ransomware attack to the NSA’s cache of exploits to MacOS joining Windows as a more frequent target, not a day goes by that we’re not facing yet another assault on our privacy and information.

The latest threat comes by way of a data breach at document validation company DocuSign, as Tom’s Hardware reports. DocuSign was looking into a nefarious email campaign that targeted its customers when the company discovered that someone had hacked into its systems and grabbed some email addresses.

Recommended Videos

As Tom’s Hardware points out, having access to email addresses by itself is more of a nuisance than a dire circumstance when it is only the email address and no other personal identifying information is involved such as names, addresses, credit cards, and the like. However, having email addresses for a distinct group such as DocuSign customers creates the perfect opportunity to create an effective phishing campaign. Attackers can use DocuSign’s own branding to trick people expecting email from the company into clicking on unsafe sites or opening infected documents.

Related

DocuSign said that its own eSignature document verification service hasn’t been breached and its customers’ documents are safe. But as we saw with a recent phishing scam that utilized Google’s own authentication system to infect users, cybercriminals are aided greatly by the ability to target specific victims who are likely to believe that an emailed link or document is legitimate.

If you’re a DocuSign customer, then be sure to check out the company’s Trust Center for more information. Its security staff has implemented a plan to secure its systems and has notified law enforcement. In the meantime, it offered up some steps to take to further ensure you are not affected. Here are those steps directly from DocuSign’s Trust Center:

  • Delete any emails with the subject line, “Completed: [domain name] — Wire transfer for recipient-name Document
  • Ready for Signature” and “Completed [domain name/email address] — Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer.
  • They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
  • Ensure your antivirus software is enabled and up to date.
  • Review our whitepaper on phishing available

The usual tactics for avoiding phishing attacks apply as well. Never open attachments unless you know exactly who sent them and why, and don’t click on links in emails unless the address is valid and trusted. Make sure your browser is up to date and check that a site looks legitimate before entering any personal information.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Data breach of unknown entity exposes private data of 80 million U.S. households
Stock photo of lock and data

Security researchers have recently discovered and reported an unprotected database that exposed the personal information of 80 million U.S. households to potential data security threats like identity theft.

According to PCWorld, a team of security researchers from a site known as vpnMentor discovered that the database contained unencrypted data that exposed information such as full street addresses, full names, ages, and dates of birth. Most unsettling was the fact that the data also included “exact longitude and latitude” locations for individuals. The researchers also reportedly found “coded references” to other pieces of personal information such as details on income, gender, marital status, and homeowner status. Interestingly though, the data only seems to expose the information of people ages 40 and older.

Read more
4 CPUs you should buy instead of the Ryzen 7 7800X3D
AMD Ryzen 7 7800X3D sitting on a motherboard.

The Ryzen 7 7800X3D is one of the best gaming processors you can buy, and it's easy to see why. It's easily the fastest gaming CPU on the market, it's reasonably priced, and it's available on a platform that AMD says it will support for several years. But it's not the right chip for everyone.

Although the Ryzen 7 7800X3D ticks all the right boxes, there are several alternatives available. Some are cheaper while still offering great performance, while others are more powerful in applications outside of gaming. The Ryzen 7 7800X3D is a great CPU, but if you want to do a little more shopping, these are the other processors you should consider.
AMD Ryzen 7 5800X3D

Read more
Even the new mid-tier Snapdragon X Plus beats Apple’s M3
A photo of the Snapdragon X Plus CPU in the die

You might have already heard of the Snapdragon X Elite, the upcoming chips from Qualcomm that everyone's excited about. They're not out yet, but Qualcomm is already announcing another configuration to live alongside it: the Snapdragon X Plus.

The Snapdragon X Plus is pretty similar to the flagship Snapdragon X Elite in terms of everyday performance but, as a new chip tier, aims to bring AI capabilities to a wider portfolio of ARM-powered laptops. To be clear, though, this one is a step down from the flagship Snapdragon X Elite, in the same way that an Intel Core Ultra 7 is a step down from Core Ultra 9.

Read more