DocuSign Phishing Scam.
INNOVATE would like to advise you that DocuSign has admitted they were the victim of a data breach that has led to phishing attacks which used exfiltrated DocuSign information. They discovered the data breach when DocuSign customers were targeted with phishing campaigns. Following an investigation, they have determined that hackers had gained temporary access to a separate, non-core system that allows DocuSign to communicate service-related announcements to users via email.
To date, the campaigns have all carried Word documents as attachments and used social engineering to trick users into enabling Word’s macro feature, which then downloads and installs malware on the user’s workstation. DocuSign warned that it is highly likely there will be more campaigns in the future. These emails look very real.
If you receive a DocuSign email that you are suspicious of, please do not hesitate to call us to confirm the email’s authenticity.
Don’t Get Phished: Tips for Foiling Scammers with IT Security
A few simple techniques can help you spot the difference between a spoofed DocuSign email and the real thing:
- Hover over the link – URLs to view or sign DocuSign documents contain “docusign.net/” and always start with https
- Access your documents directly from www.docusign.com by entering the unique security code, which is included at the bottom of every DocuSign email
- Do NOT open unknown or suspicious attachments, or click links – DocuSign will never ask you to open an office document or zip file in an email
- Look for misspellings, poor grammar, generic greetings and a false sense of urgency
- Use strong, unique passwords for each service – don’t reuse passwords on multiple websites
- Ensure your anti-virus software is up to date, and all application patches are installed
- Contact the sender offline to verify the email’s authenticity if you’re still suspicious
- Report suspicious DocuSign emails to us at support@innovate.ie or to spam@docusign.com.
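
The link check from the first tip, as an added example (not DocuSign's or INNOVATE's code): it parses the URL and compares the hostname, because a link can contain the text “docusign.net/” without actually pointing at docusign.net. It assumes genuine signing links sit on docusign.net or one of its subdomains; the function name and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption taken from the tip above: signing links live on docusign.net
# (or one of its subdomains) and are always served over https.
TRUSTED_DOMAIN = "docusign.net"


def check_docusign_link(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a link copied from a DocuSign-looking email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no hostname"
    # Exact match or a true subdomain; a plain substring test would also
    # accept hosts that merely end in or mention the trusted name.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "hostname is on docusign.net"
    return False, f"hostname {host!r} is not on docusign.net"


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://sub.docusign.net/view?code=EXAMPLE",
    "http://sub.docusign.net/view?code=EXAMPLE",
    "https://login.example/docusign.net/view",
    "https://not-docusign.net/view",
    "https://docusign.net@login.example/view",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_docusign_link(link)
        print(f"{'OK    ' if ok else 'REJECT'} {link}  ({reason})")
```

Only the first sample passes; the third and fourth both contain “docusign.net/” yet resolve to a different host, which is why hovering should mean reading the hostname, not just spotting the name somewhere in the link.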