DocuSign Alert - Spam Malware

DocuSign Alert

Tashly Bookkeeprs Blog – DocuSign Alert!

Recent DocuSign Phishing Attack.

We use DocuSign for signing of important documents including BAS. We note that there is SPAM / Malware going around using the layout of DocuSign (see example we received below). It even says “tashly” in the subject line which could mislead clients to believe that we have sent them something.

How can clients tell the difference? Generally we will always send an email outlining that we are about to send a letter/document via DocuSign so they will expect it from us. Something arriving without us forewarning is most likely SPAM / Malware.

Our branding is also PINK inside DocuSign, with our logo and a picture of our chief bean counter Natasha Sampson-Ly (see example below) – which again should be quite distinguishable coming from us – Just wanting our clients to be aware & safe online.

In addition – DocuSign are fully aware of this phishing scam and have prepared some “frequently-asked questions” below.

Q: What actually happened?

A: Last week and again yesterday, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts on the DocuSign Trust Center and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure. However, as part of our ongoing investigation, on Monday we confirmed that a malicious third party had gained temporary access to a separate, non-core system used for service-related announcements.

A complete forensic analysis has confirmed that only a list of email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: Is my DocuSign envelope and data secure?

A: As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

Q: Has my instance of DocuSign been impacted?

A: We have no evidence that there is any impact to any instance of DocuSign, and as part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

Q: What information was impacted?

A: It was a list of email addresses stored in a separate, non-core system used for service-related announcements.

Q: Is it possible that my customers or their customers email addresses were accessed?

A: Yes, it is possible they were accessed as part of the list. We would encourage you to utilize the existing materials on the DocuSign Trust Center to help your customers avoid being the victims of phishing.

Q: Were my employees’ email addresses included?

A: It is possible that they were accessed, yes.

Q: How many people were affected? How many email addresses compromised?

A: Right now we are still acting on the results of our ongoing investigation and cannot comment on those details.

Q: What systems were impacted?

A: As part of our ongoing investigation, we confirmed that a malicious third party had gained temporary access to a separate, non-core system used for service-related announcements.

Q: Why did we have to hear about it via social media?

A: We have been actively communicating via the DocuSign Trust Center since last week when we first discovered the increase in phishing emails to customers and users. Then as soon as we saw the increase on Monday this week, we updated the Trust Center and posted updates across our Web site and social media channels. We are also working on direct customer outreach.

Q: Was any other information impacted outside of my email address?

A: A complete forensic analysis has confirmed that only a list of email addresses were accessed: no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: How are you so sure only my email address was impacted?

A: A complete forensic analysis has confirmed that only a list of email addresses were accessed: no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed. DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: What should I do about this?

A: We recommend taking the following steps to ensure the security of your email and systems:

Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.

Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like ‘@docusgn.com’ without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
Ensure your anti-virus software is enabled and up to date.
Review our whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf

Q: I/one of my employees opened a suspicious email, what should I do?

A: If possible ensure that they do not click the link and/or install malicious code. We would also recommend continual education and content updates to your internal teams in terms of best practices around phishing. And we recommend taking the following steps to ensure the security of your email and systems:

Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.

Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like ‘@docusgn.com’ without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
Ensure your anti-virus software is enabled and up to date.
Review our whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf

Q: What additional steps is DocuSign taking to address this issue?

A: We have taken immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies.

Q: Is this related to the global ransomware attack of late last week?

A: No.

View original DocuSign Article Here

Tashly Consulting - DocuSign Official
DocuSign Spam, Phishing

Tashly Consulting – dedicated to providing seamless, high-quality, transparent bookkeeping services – If you would like a further information or support please contact us via telephone (08) 8121 4424 or via email.


Tashly Consulting – Not your average Bean Counter!


Disclaimer: All or any advice contained in this blog/newsletter is of a general nature only & may not apply to your individual business circumstances. For specific advice relating to your specific situation, please contact your accountant or other professional adviser for further discussion.

Leave a Reply

Your email address will not be published. Required fields are marked *

*