
DocuSign admits hackers accessed its customer email database, sent out malware

Graham CLULEY

May 16, 2017


If you ever work on contracts with other companies, there is a good chance you will have found yourself signing a document electronically, and if that’s the case there’s a good chance you will have used the DocuSign digital signature service. You may even have used the service so often that you barely think twice before clicking on links that the company sends to you.

The truth is, however, that you might be wiser to show more caution.

Earlier this month DocuSign detected that some of its customers and users were receiving emails purporting to come from the company, attempting to trick recipients into clicking on an attached Word document that would install malware.

The emails had subject lines like:

“Completed: [domain name] – Wire Transfer Instructions for [recipient name] Document Ready for Signature”

or

“Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”

So far, so not very unusual. It sounds like the usual story of online criminals forging email headers and spamming out malware posing as a legitimate communication.

But the story has become more serious, as DocuSign has now discovered that hackers managed to breach its systems and gain access to a system that allowed the attackers to send out emails to DocuSign’s customers.

“…today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

“In short, the malicious emails pretending to come from DocuSign were sent by an unauthorised third-party who had accessed email addresses via one of DocuSign’s non-core systems. The hackers then sent out phishing emails to those email addresses.”

DocuSign is asking users who have received suspicious emails to forward them to spam@docusign.com, before deleting them from their inbox.

The company is also underlining that it will never ask recipients to open a PDF, Word document or ZIP file attachment in an email.
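The two indicators described above (the reported subject-line shapes and the attachment types DocuSign says it never asks recipients to open) can be combined into a simple mail-triage check. This is an added example, not code from the article or from DocuSign; the regular expression, the extension list, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Subject shapes quoted in the article; bracketed fields vary per recipient.
CAMPAIGN_SUBJECT = re.compile(
    r"^Completed:?\s+\S+\s*[–-]\s*"
    r"(?:Wire Transfer Instructions for .+?|Accounting Invoice \S+)"
    r"\s+Document Ready for Signature$"
)
# File types DocuSign says it never asks recipients to open (assumed extensions).
RISKY_EXTENSIONS = (".pdf", ".doc", ".docx", ".docm", ".zip")


def triage(msg):
    """Return reasons to quarantine a parsed EmailMessage (empty list = none)."""
    reasons = []
    # Collapse folded or repeated whitespace before matching the subject.
    subject = " ".join(str(msg["Subject"] or "").split())
    subject_hit = bool(CAMPAIGN_SUBJECT.match(subject))
    if subject_hit:
        reasons.append("subject matches reported campaign pattern")
    # The From header is forgeable, so it only tells us what the mail claims.
    claims_docusign = subject_hit or "docusign" in str(msg["From"] or "").lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if claims_docusign and name.endswith(RISKY_EXTENSIONS):
            reasons.append("DocuSign-branded mail carries attachment: " + name)
    return reasons


def build_sample(sender, subject, attachment=None):
    """Construct a test message; every value passed in is made up."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please review the attached document.")
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


if __name__ == "__main__":
    lure = build_sample(
        "DocuSign <notice@example.net>",
        "Completed: example.com – Wire Transfer Instructions for J Smith "
        "Document Ready for Signature",
        "Instructions.doc",
    )
    print(triage(lure))
```

For mail read from disk or a gateway, parse it with `email.message_from_bytes(raw, policy=email.policy.default)` so that `iter_attachments()` is available on the result.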

Of course, following the breach your email address has fallen into the hands of hackers. They may use that to send you fraudulent emails designed to infect your computer with malware or steal your credentials, or they may even sell it on to other criminal gangs.

Keep your wits about you, and always be careful about opening unsolicited email attachments – even if they do appear to have been sent to you by a legitimate business.
