Today's Hard|Forum Post
Today's Hard|Forum Post

Wednesday May 17, 2017

DocuSign Users Targets of Phishing Campaign - Be Vigilant

If you have ever used DocuSign, a way of digitally signing a document legally, it is likely that you are being phished, or will be soon. The company verified that its data had been breached this week.

As part of our commitment to updating everyone as we identify new information during our investigation, we can now confirm that only people with a DocuSign account were impacted by this incident – those who signed a document without a DocuSign account were not among the list of email addresses that were accessed maliciously. That said, even though an employee or customer of yours would not be on the list unless they had an account with DocuSign, we would still encourage you to utilize the existing materials on the DocuSign Trust Center to help them avoid being the victims of phishing.

News Image
DocuSign is pointing out that "just" the email addresses have been stolen, that means that the rest of your personal data is not exposed. But here is the issue. Folks are getting phishing emails that look like real DocuSign emails and clicking the links as they are used to doing which is resulting in some nastiness being released on your PC.

The emails "spoofed" the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

In order to combat this, and you have to be a DocuSign customer, you need to log directly into the DocuSign site to make sure the notices you are getting are genuine. I personally am never clicking anything ever again. I hope DuckDuckGo comes up with some more interesting landing pages.