A new cyber attack campaign is under way, including distributing emails pretending to come from DocuSign and attempting to trick potential victims to open an MS Office Word document which contains malware.
A company that provides electronic signature technology, DocuSign, reported to consumers that hackers broke into one of its systems and kidnapped user email addresses. DocuSign warns its customers to look out for malicious fraudulent emails.
An increasing volume of phishing emails to DocuSign customers was detected by the company which is constantly communicating with their DocuSign Trust Center.
These fraudulent emails are created to look like they were sent from the DocuSign company. These emails are trying to trick customers so they open Word file which is infected with malware and attempts to compromise victim’s device.
This malware campaign is behind a malicious third party that broke into DocuSign and stole their email addresses that were kept in a separate, non-core system which was used for service-related announcements. According to the company, other user information, including names, passwords, physical addresses, Social Security numbers and credit card information haven’t been reached.
The company added:
No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents, and data remain secure.
According to DocuSign, the fraudulent emails consisted subject lines such as “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.
The consumers were advised to delete all emails that include one of these subject lines because they are not sent by DocuSign and only spreads the malware.
In addition, these suspicious emails should be sent to DocuSign at email@example.com.
The company took actions as soon as it detected the data breach which was shut down immediately and security controls were added in order to prevent any potential similar intrusion in the future.
Your trust and the security of your transactions, documents and data are our top priority. The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence.
If you have any questions or concerns the company also provides its email address you can contact them, firstname.lastname@example.org. Users also can call them at 1-800-379-993.
This incident is investigated at the moment and the company is now dealing with law enforcement in order to solve this issue completely.
Users are advised to make sure their Internet security systems are enabled and up to date.