DocuSign Says Leaked Customer Emails Used in Phishing Campaign

By Edward Leano, Christian Post Contributor

Electronic signature company DocuSign revealed that hackers had access to their customer emails on Tuesday, May 16. Since then, a surge in phishing email schemes has been seen to be targeting DocuSign users.

The e-signature company has confirmed that hackers have been able to gain temporary access to the company's databases, and it looks like the perpetrators have downloaded their customer email records to use later for an email phishing campaign, according to Reuters.

DocuSign revealed that only email addresses of its users have been accessed during the intrusion, according to a news update posted on their official website. The company stated that in a forensic analysis, no names, addresses, passwords, social security and credit card information were obtained by the intruders.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

Their other security and signature authentication features, including their core eSignature Service, DocuSign Envelopes Service, customer documents and client data remain secure, according to the company's news update.

DocuSign has been concerned with the increase in phishing emails sent to their customers following the breach, and the electronic signature company has published alerts in social media and in their website warning users of these scam attempts.

For example, their Frequently Asked Questions post warned users of emails containing the subject lines "Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature" and "Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature." Docusign warns that these emails did not originate from them and that they contain links leading to malware sites.

Users of DocuSign are also alerted against emails containing misspelled sender information like "@docusgn.com" which is missing a letter "i," or shorthand spellings like "@docus.com." The company tells users to forward suspicious emails to spam@docusign.com and deleting them from their inbox afterward. Attachments from these emails should be discarded as well.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.

Most Popular

More Articles