DocuSign Phisher Hacked Firm to Access Customer Emails

Written by

Electronic signature provider DocuSign has warned its customers of an uptick in phishing attacks after a hacker managed to access user email addresses by targeting the company itself.

The phishing campaign has been ongoing for over a week, with DocuSign posting customer alerts to that effect.

However, the firm has now admitted that it was made possible after a malicious third party managed to gain access to “a separate, non-core system that allows us to communicate service-related announcements to users via email”.

It added:

“A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

The firm urged customers to remain cautious and delete any emails with the following subject lines: “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

The phishing emails in question will try to trick recipients into opening a malicious attachment or clicking on a malicious link, DocuSign claimed.

It also advised customers to be on the lookout for any emails purporting to come from the firm that contain spelling mistakes and/or come from an unfamiliar recipient.

Phishing has become an increasingly popular tactic for cybercriminals looking to exploit unwary users.

It was present in 21% of attacks last year, up from just 8% the previous year, according to the latest Verizon (DBIR).

Looking back at previous DocuSign alerts, this phishing campaign is by no means the first customers have been exposed to.

In November, customers were warned of a malicious email campaign in which customers received a message designed to trick them into running macro-enabled-malware.  

What’s hot on Infosecurity Magazine?