DocuSign Spoof Emails – detect and prevent secure document phishing attacks

DocuSign have admitted they were the victim of a data breach that has led to massive phishing attacks using the compromised DocuSign user data. Secure document phishing attacks are among the latest exploits aimed at client endpoints, and they can have serious repercussions for an unsuspecting user. In this latest hack, a 3rd party gained unauthorised access to a list of email addresses stored on an unsecured DocuSign platform. No other private user account data was accessed. However, the breach has resulted in a significant volume of ‘spoof’ DocuSign emails being sent to these users in an attempt to trick recipients into opening an attached Word or PDF document that, when clicked, installs malicious software.

The attackers hit a “non-core system that allows us to communicate service-related announcements to users via email”, the company said in a blog post on the incident.

DocuSign have released the following helpful guidance:

What should I do if I receive a suspicious email?

First and foremost, if you don’t recognise the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code.

If you think that you have received a fraudulent email, please forward the email to spam@docusign.com, then delete the email.

Please check out the DocuSign Trust Center for the most up-to-date information about personal security and review our whitepaper on phishing.

If there is a security code…

  • Access your documents directly from www.docusign.com, click Access Documents then enter the unique security code.

If there is NO security code…

  • DO NOT click on links or open attachments within the email. This is not a valid DocuSign email and it should be sent to our security team immediately at spam@docusign.com.

IMPORTANT: If you did click on a link and provided your DocuSign credentials, please be sure to change your password immediately to ensure the security of your account.

Please update and run antivirus immediately to ensure the security of your system or contact your IT support provider for immediate assistance.
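For mail administrators, the checks in the guidance above can be applied as a triage step. This is an added example, not DocuSign's code: the security code pattern, the list of file extensions and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumption: the code follows the words "security code" as a long alphanumeric
# token. The page does not give its format, so adjust this to real notifications.
CODE_RE = re.compile(r"security code\W{0,5}([A-Z0-9]{16,})", re.IGNORECASE)
# Attachment types the page says the spoof emails carry (Word or PDF).
RISKY_EXT = (".doc", ".docx", ".docm", ".pdf")

def triage(msg):
    """Return findings for a DocuSign-themed message; [] if nothing is flagged."""
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    if "docusign" not in headers:
        return []  # not DocuSign-themed, out of scope for this check
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if not CODE_RE.search(text):
        findings.append("no-security-code")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment:{name}")
    return findings

def build(sender, subject, body, attachment=None):
    """Construct a sample message (test data, not a captured email)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# Constructed samples: one with no code and a Word attachment, one with a code.
SPOOF = build("DocuSign <billing@example.test>", "Completed: invoice for signature",
              "Please review the attached document.", "Invoice.docx")
WITH_CODE = build("DocuSign <notify@example.test>", "Please DocuSign this document",
                  "Enter the security code: 0123456789ABCDEF0123456789ABCDEF")

if __name__ == "__main__":
    for label, sample in (("spoof", SPOOF), ("with code", WITH_CODE)):
        print(label, triage(sample))
```

An empty result only means the message passed these two checks. As the guidance says, the code is meant to be entered at www.docusign.com directly, not used as a reason to follow links in the email.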

Important information – email account upgrades

Our hosting/email provider will be making some improvements to service over the coming days. During this time you can continue to use your mailbox to send and receive emails. As part of the migration, you may be logged out of your mailbox. If this happens, just log in again or restart your favorite mail software.

As part of the upgrade, all customers on Standard or Starter mailboxes will be upgraded to the new platform, whose features include (but are not limited to):

  • The new platform is faster when searching for emails and content that is stored on the mail server. This helps you to work faster.
  • Improved SPAM and Virus filtering, both in and outbound.
  • All standard mailboxes will be upgraded to the new Mail Lite product, doubling the mailbox storage from 50MB to 100MB free of charge!
  • SMTP (outbound mail routing) is enabled on all email products as standard.
  • Connect to your mailbox using encrypted TLS protocol.

If you experience any issues with your standard/free mail account, please contact us or log a support ticket.