DocuSign Phishing Attack: Only Email Addresses Were Accessed
DocuSign, an electronic signature technology provider, recently confirmed a malicious third party launched a phishing attack to gain temporary access to a non-core system used for service-related announcements.
A forensic analysis revealed only a list of email addresses was accessed during the phishing attack, according to DocuSign. However, DocuSign has not yet confirmed the number of email addresses that were accessed.
The analysis also showed no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed, DocuSign said.
Furthermore, no content or any customer documents sent through DocuSign’s eSignature system were accessed, the company pointed out.
DocuSign Phishing Attack: A Closer Look
DocuSign this month detected an increase in phishing emails sent to some of its users. These emails “spoofed” the DocuSign brand, the company indicated, in an attempt to trick recipients into opening an attached Word document that would install malicious software.
The company posted alerts on the DocuSign Trust Center and in social media to inform users about the phishing emails, according to DocuSign.
The DocuSign eSignature service, envelopes and customer documents remain secure, the company stated.
“We have no evidence that there is any impact to any instance of DocuSign,” DocuSign noted in a prepared statement.
DocuSign Phishing Attack: Fallout
DocuSign is actively communicating about the phishing attack via the DocuSign Trust Center and posting updates across its website and social media channels, according to the company. It also is working on direct customer outreach.
In addition, DocuSign has “taken immediate action to prohibit unauthorized access to [the affected] system … put further security controls in place and [is] working with law enforcement agencies,” the company said in a prepared statement.
DocuSign Email and System Security Tips
DocuSign has offered the following email and system security tips to those who may have been affected by the phishing attack:
- Delete any emails with the following subject lines: “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
- Forward any suspicious emails related to DocuSign to firstname.lastname@example.org. Then, delete these emails.
- Ensure your antivirus software is up to date.
- Implement email security best practices. Never send out personal information from an unsecured email and ensure all email is encrypted.
- Train your employees. Teach employees how to identify and address phishing attacks.
- Use an email security company. An email security service can help companies limit the number of spam and phishing emails that reach employee inboxes.
Many email security service providers are available, The Email Laundry CEO Ken Bagnall said in a prepared statement.
As such, companies that work with an email security service provider may be better equipped than others to reduce the risk of falling victim to a phishing attack, Bagnall indicated.
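For mail administrators, the two subject lines in the tips list above can be turned into a mailbox triage check. The following is an added example, not code from DocuSign or from the original article; the wildcard handling of the bracketed fields, the Word file extensions and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default as DEFAULT_POLICY

TAIL = r"document ready for signature$"
# Bracketed fields in the published subject lines become wildcards (assumption).
SUBJECT_PATTERNS = [
    re.compile(r"^completed:?\s+\S+\s*-\s*wire transfer for .+ " + TAIL, re.I),
    re.compile(r"^completed:?\s+\S+\s*-\s*accounting invoice \S+ " + TAIL, re.I),
]
WORD_EXTENSIONS = (".doc", ".docx", ".docm")  # assumed Word file types

def normalize_subject(value):
    """Map Unicode dashes to '-' and collapse whitespace before matching."""
    text = re.sub(r"[\u2010-\u2015\u2212]", "-", str(value or ""))
    return re.sub(r"\s+", " ", text).strip()

def triage(raw_message):
    """Return the indicators from the tips list found in one raw message."""
    msg = message_from_string(raw_message, policy=DEFAULT_POLICY)
    subject = normalize_subject(msg["Subject"])  # policy decodes MIME encoded-words
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return {
        "subject": subject,
        "subject_hit": any(p.match(subject) for p in SUBJECT_PATTERNS),
        "word_attachments": [n for n in names if n.lower().endswith(WORD_EXTENSIONS)],
    }

def build_sample(subject, attachment=None):
    """Constructed test message; the addresses and file bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    if subject is not None:
        msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="msword", filename=attachment)
    return msg.as_string()

if __name__ == "__main__":
    lure = "Completed: example.test \u2013 Wire transfer for J. Doe Document Ready for Signature"
    for raw in (build_sample(lure, "invoice.doc"), build_sample("Weekly status report")):
        print(triage(raw))
```

A subject match alone is enough to act on per the tips list; the attachment list helps prioritise messages that carried a Word document.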