DocuSign customers are now prime phishing targets after a recent data breach

exploit
When it comes to our technology, It seems like we’re under constant attack lately. From the recent massive ransomware attack to the NSA’s cache of exploits to MacOS joining Windows as a more frequent target, not a day goes by that we’re not facing yet another assault on our privacy and information.

The latest threat comes by way of a data breach at document validation company DocuSign, as Tom’s Hardware reports. DocuSign was looking into a nefarious email campaign that targeted its customers when the company discovered that someone had hacked into its systems and grabbed some email addresses.

As Tom’s Hardware points out, having access to email addresses by itself is more of a nuisance than a dire circumstance when it is only the email address and no other personal identifying information is involved such as names, addresses, credit cards, and the like. However, having email addresses for a distinct group such as DocuSign customers creates the perfect opportunity to create an effective phishing campaign. Attackers can use DocuSign’s own branding to trick people expecting email from the company into clicking on unsafe sites or opening infected documents.

DocuSign said that its own eSignature document verification service hasn’t been breached and its customers’ documents are safe. But as we saw with a recent phishing scam that utilized Google’s own authentication system to infect users, cybercriminals are aided greatly by the ability to target specific victims who are likely to believe that an emailed link or document is legitimate.

If you’re a DocuSign customer, then be sure to check out the company’s Trust Center for more information. Its security staff has implemented a plan to secure its systems and has notified law enforcement. In the meantime, it offered up some steps to take to further ensure you are not affected. Here are those steps directly from DocuSign’s Trust Center:

  • Delete any emails with the subject line, “Completed: [domain name] — Wire transfer for recipient-name Document
  • Ready for Signature” and “Completed [domain name/email address] — Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer.
  • They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
  • Ensure your antivirus software is enabled and up to date.
  • Review our whitepaper on phishing available

The usual tactics for avoiding phishing attacks apply as well. Never open attachments unless you know exactly who sent them and why, and don’t click on links in emails unless the address is valid and trusted. Make sure your browser is up to date and check that a site looks legitimate before entering any personal information.

Mobile

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Computing

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Mobile

Free yourself! How to unlock a phone from the icy hands of your wireless carrier

Do you want to know how to unlock a phone through your carrier or a third-party service like DoctorSIM? Regardless of which way you want to go, we've compiled a list of requirements and methods for doing so.
Computing

If you have $5,200, Apple has 256GB of RAM for your iMac Pro

Professionals looking to run intensive applications will be able to push their work a bit further with Apple's latest iMac Pro, which holds 256GB of DD4 ECC RAM for $5,200. Here's why it costs so much to upgrade your iMac Pro to the top.
Deals

From Air to Pro, here are the best MacBook deals for March 2019

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Product Review

The Lenovo Legion Y740 brings RTX 2080 graphics power for under $2,500

Coming with the Intel Core i7-8750H processor, Nvidia GeForce RTX 2080 Max-Q graphics, 16GB of RAM, and a 256GB PCIe NVMe SSD, the Legion Y740 one big beast. But priced at under $2,500 how does Lenovo’s Legion stand up against the crowd?
Computing

Oculus shows off the Rift S, plans to phase out its original VR headset

Oculus plans to phase out its flagship Rift VR headset for its newly created Rift S. The Rift S made its debut this week at the 2019 Game Developers Conference and is expected to be released in spring 2019.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Get the best of both worlds by sharing your data on MacOS and Windows

Compatibility issues between Microsoft Windows and Apple MacOS may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.
Computing

Give your MacBook Air some added style with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers, and padded sleeves priced from $10 to $130. Happy shopping!
Computing

Intel teases 9th-generation Core i9 mobile processors at GDC 2019

Intel teased its new 9th-generation Intel Core i9 processors at GDC 2019. The company offered few specifics about the hardware, but a leak from late February provides insight into what the new processors might offer.
Computing

Intel Command Center lays foundation for next year’s ‘Arctic Sound’ GPU

Intel revealed its new Command Center driver software at GDC 2019. The updated interface will control current Intel integrated graphics and also lays the groundwork for next year's Intel video card.
Web

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.