DocuSign Says Leaked Customer Emails Used in Phishing Campaign
Electronic signature company DocuSign revealed that hackers had access to their customer emails on Tuesday, May 16. Since then, a surge in phishing email schemes has been seen to be targeting DocuSign users.
The e-signature company has confirmed that hackers have been able to gain temporary access to the company's databases, and it looks like the perpetrators have downloaded their customer email records to use later for an email phishing campaign, according to Reuters.
DocuSign revealed that only email addresses of its users have been accessed during the intrusion, according to a news update posted on their official website. The company stated that in a forensic analysis, no names, addresses, passwords, social security and credit card information were obtained by the intruders.
Their other security and signature authentication features, including their core eSignature Service, DocuSign Envelopes Service, customer documents and client data remain secure, according to the company's news update.
DocuSign has been concerned with the increase in phishing emails sent to their customers following the breach, and the electronic signature company has published alerts in social media and in their website warning users of these scam attempts.
For example, their Frequently Asked Questions post warned users of emails containing the subject lines "Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature" and "Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature." Docusign warns that these emails did not originate from them and that they contain links leading to malware sites.
Users of DocuSign are also alerted against emails containing misspelled sender information like "@docusgn.com" which is missing a letter "i," or shorthand spellings like "@docus.com." The company tells users to forward suspicious emails to spam@docusign.com and deleting them from their inbox afterward. Attachments from these emails should be discarded as well.