Alerts and updates

  • DocuSign uses the latest innovations and industry knowledge to keep our customers safe, but it takes awareness and dedication from everyone involved to reach maximum security. Read about our top pointers to help you stay safe online:

    • Create complex, unique passwords and keep them secure: don’t write down or share passwords—and be extra careful when using public or shared computers.
    • Take IT precautions to protect against spam: keep your anti-virus software up-to-date; provide trainings on phishing and fraudulent activities, etc.  
    • Be on the lookout for fraudulent emails and unsafe websites: proceed with caution when accessing unfamiliar emails and websites. Unrecognizable links, bad grammar and misspellings, and fake greetings can all be red flags that indicate a phishing email. For website safety, make sure “https” is in your browser address bar if you’re entering any personal information.

    Remember: online safety starts with you. You’re the first and best line of defense in fighting online fraud. Learning how to identify and steer clear of phishing scams, social engineering attempts, and other types of online fraud is the best way to protect yourself and your information.

    Visit our Security Resources page for more safety essentials, including our Combating Phishing white paper, to help keep you and the greater online community safe.

  • DocuSign has observed a new phishing campaign that began the morning of August 6th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] The emails all have the subject:

    "You received invoice from DocuSign Electronic Signature Service"

    These emails contain a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 19th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] The emails all have the subject:

    "ADP sent you a new document to sign"

    These emails contain a malicious Word document as an attachment, ADP-Document-3810922.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 16th, 2018 (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" (or similar) using the email address [email protected]. The emails all have the subjects:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 10th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You have a new document to review and sign"

    These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of June 5th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected] . The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of May 8th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected]. The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • To remain PCI DSS compliant after June 30, 2018, all inbound and outbound DocuSign requests are required to deprecate TLS v1.0 connections along with legacy ciphers as noted in our original end of support notice.

    DocuSign Connect listeners that work only with TLS v1.0 will no longer function after DocuSign’s TLSv1.0 deprecation scheduled for June 25, 2018, in our production environment and May 29, 2018, in our demo environment.

    For customers using DocuSign Connect listeners, integration owners should ensure that those listeners can work with TLSv1.1 or higher to avoid any service interruptions after TLSv1.0 support ends.

    For more information about DocuSign Connect, please visit the DocuSign Connect Guide here.

  • DocuSign has observed a new phishing campaign that began the morning of April 27th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You have received a secure document via Docusign"

    These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign will end TLSv1.0 support in our demo environment effective May 29, 2018. This will help customers plan and test for the end of TLSv1.0 support in our production environment, scheduled for June 25, 2018.

    This action will give customers time to update their integrations before our production environment ends support for TLSv1.0 on June 25, 2018.

    DocuSign’s end of support dates for TLSv1.0 are as follows:

    Environment TLSv1.0 Deprecation Date
    Demo May 29, 2018
    Production June 25, 2018

    For more information about TLSv1.0 deprecation, including instructions for testing and updating your browsers, please visit the DocuSign Support article here.

  • To ensure smooth DocuSign support deprecation for TLSv1.0, we have changed the effective date for this change. DocuSign will end TLSv1.0 support effective June 25, 2018. Please refer to the original end of support notice for further details.

    Visit DocuSign’s System Requirements page for information about browsers supported by DocuSign. These browsers will continue to work after the change.

  • DocuSign has observed a new phishing campaign that began the morning of March 22nd, 2018 (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] and [email protected]. The emails all have the subject:

    "You have received a secure document"

    These emails contain a malicious Word document as an attachment, 9S659EHDCSI72649DS.doc.

    These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

Pages