Skip to main content

DocuSign customers are now prime phishing targets after a recent data breach

When it comes to our technology, It seems like we’re under constant attack lately. From the recent massive ransomware attack to the NSA’s cache of exploits to MacOS joining Windows as a more frequent target, not a day goes by that we’re not facing yet another assault on our privacy and information.

The latest threat comes by way of a data breach at document validation company DocuSign, as Tom’s Hardware reports. DocuSign was looking into a nefarious email campaign that targeted its customers when the company discovered that someone had hacked into its systems and grabbed some email addresses.

Recommended Videos

As Tom’s Hardware points out, having access to email addresses by itself is more of a nuisance than a dire circumstance when it is only the email address and no other personal identifying information is involved such as names, addresses, credit cards, and the like. However, having email addresses for a distinct group such as DocuSign customers creates the perfect opportunity to create an effective phishing campaign. Attackers can use DocuSign’s own branding to trick people expecting email from the company into clicking on unsafe sites or opening infected documents.

DocuSign said that its own eSignature document verification service hasn’t been breached and its customers’ documents are safe. But as we saw with a recent phishing scam that utilized Google’s own authentication system to infect users, cybercriminals are aided greatly by the ability to target specific victims who are likely to believe that an emailed link or document is legitimate.

If you’re a DocuSign customer, then be sure to check out the company’s Trust Center for more information. Its security staff has implemented a plan to secure its systems and has notified law enforcement. In the meantime, it offered up some steps to take to further ensure you are not affected. Here are those steps directly from DocuSign’s Trust Center:

  • Delete any emails with the subject line, “Completed: [domain name] — Wire transfer for recipient-name Document
  • Ready for Signature” and “Completed [domain name/email address] — Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer.
  • They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
  • Ensure your antivirus software is enabled and up to date.
  • Review our whitepaper on phishing available

The usual tactics for avoiding phishing attacks apply as well. Never open attachments unless you know exactly who sent them and why, and don’t click on links in emails unless the address is valid and trusted. Make sure your browser is up to date and check that a site looks legitimate before entering any personal information.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
This quirky AI-powered camera prints poems, not photos
The Poetry Camera.

The Poetry Camera is an ingenious device that doesn’t take photos but instead makes poems.

The clever contraption features a lens that observes its surroundings before using AI to craft a poem inspired by the scene. It then prints the verse through a slot on the front -- similar to how a Polaroid camera delivers photos. You can see it in action in the video above.

Read more
I loved this AI-first web browser, but experts warned me of ‘free’ AI
Launch screen of Dia browser.

“If you're not paying for the product, you are the product.” 

Bogdan Onikiienko, an engineer at MacPaw, dropped that hard-hitting quote on me after using Dia, a new-age web browser that heavily relies on AI. He found it quite useful, but warned me that there are still a few unknowns, especially the privacy aspect.

Read more
Meta’s new Oakley smart glasses bring major advantages to connected eyewear
Oakley Meta HSTN smart glasses

Meta and Oakley have combined forces to brings us a brand new set of the smart glasses, the Oakley Meta HSTN (pronounced HOW-stuhn), with significant camera and battery upgrades over previous Meta specs.

They're being dubbed as 'Performance AI glasses', apparently built with athletes in mind. They're equipped with the Meta AI voice assistance, allowing you to trigger actions with your voice - such as starting a recording via the built in camera.

Read more