Skip to main content
  1. Home
  2. Computing
  3. News

DocuSign customers are now prime phishing targets after a recent data breach

By

exploit
Image used with permission by copyright holder
When it comes to our technology, It seems like we’re under constant attack lately. From the recent massive ransomware attack to the NSA’s cache of exploits to MacOS joining Windows as a more frequent target, not a day goes by that we’re not facing yet another assault on our privacy and information.

The latest threat comes by way of a data breach at document validation company DocuSign, as Tom’s Hardware reports. DocuSign was looking into a nefarious email campaign that targeted its customers when the company discovered that someone had hacked into its systems and grabbed some email addresses.

Recommended Videos

As Tom’s Hardware points out, having access to email addresses by itself is more of a nuisance than a dire circumstance when it is only the email address and no other personal identifying information is involved such as names, addresses, credit cards, and the like. However, having email addresses for a distinct group such as DocuSign customers creates the perfect opportunity to create an effective phishing campaign. Attackers can use DocuSign’s own branding to trick people expecting email from the company into clicking on unsafe sites or opening infected documents.

DocuSign said that its own eSignature document verification service hasn’t been breached and its customers’ documents are safe. But as we saw with a recent phishing scam that utilized Google’s own authentication system to infect users, cybercriminals are aided greatly by the ability to target specific victims who are likely to believe that an emailed link or document is legitimate.

If you’re a DocuSign customer, then be sure to check out the company’s Trust Center for more information. Its security staff has implemented a plan to secure its systems and has notified law enforcement. In the meantime, it offered up some steps to take to further ensure you are not affected. Here are those steps directly from DocuSign’s Trust Center:

  • Delete any emails with the subject line, “Completed: [domain name] — Wire transfer for recipient-name Document
  • Ready for Signature” and “Completed [domain name/email address] — Accounting Invoice [Number] Document Ready for Signature.” These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer.
  • They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
  • Ensure your antivirus software is enabled and up to date.
  • Review our whitepaper on phishing available

The usual tactics for avoiding phishing attacks apply as well. Never open attachments unless you know exactly who sent them and why, and don’t click on links in emails unless the address is valid and trusted. Make sure your browser is up to date and check that a site looks legitimate before entering any personal information.

Editors’ Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
What is Microsoft 365? Here’s the cloud software suite, explained
Microsoft Office free apps.

Microsoft 365 is the brand’s suite of cloud-based productivity apps that can be used for word processing, group collaboration, data analysis, presentation development, storage, and email. Many may be familiar with Microsoft Teams, Word, Excel, PowerPoint, Outlook, and OneDrive as separate applications at one point; however, many high-performance users may utilize more than one of these programs for work, hobbies, or their everyday lives.

This could serve as a reason to consider Microsoft 365, to get more comprehensive access to the brand’s app library. Here is a look at what you need to know about the Microsoft 365 productivity suite.
Microsoft 365 paid subscriptions 

Read more
France’s cyber unit preps for potential cyberattacks targeting Paris Olympics
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Organizers at the Paris Olympics are expecting a wave of cyberattacks to target the Games when the sporting extravaganza kicks off in earnest this weekend.

Researchers have noted that some attacks have already started, with Russia-affiliated hackers suspected to be behind the nefarious efforts, Bloomberg reported on Thursday.

Read more
Gamers are flocking to return Intel CPUs — and some are permanently damaged
A hand holds the Intel Core i9-12900KS.

Intel's troubles with instability on 13th-gen and 14th-gen CPUs continues to escalate, and a new report suggests that gamers are returning these CPUs at a much higher rate than retailers expect. An anonymous European retailer says they've seen four times as many returns for 13th-gen and 14th-gen CPUs compared to 12th-gen, according to a report from French outlet Les Numeriques.

Returns have only ramped up recently, however. The retailer says that in the six months following the release of all three generations, the return rates are nearly identical. Looking at the rate now, however, 13th-gen CPUs are being returned four times as often as 12th-gen, while 14th-gen CPUs are being return three times as much. Given what we've learned about Intel's instability issue, this suggests that the processors do, indeed, degrade over time.

Read more