Alerts and updates

  • DocuSign has observed a new phishing campaign that began around 08:00 on the morning of July 18th  (Pacific Time).. The email purports to come from "DocuSign Electronic Signature and Invoice Service” or similar using the email address "docusign @ ggarvey.net"  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain and it contains a .zip attachment with a malicious .vbs file.  This is a change in tactics. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began around 10:00 on the morning of July 2nd  (Pacific Time).. The email purports to come from "DocuSign Electronic Signature and Invoice Service” or similar using the email address "[email protected]"  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious website that will download malicious executable to your computer.  This is a change in tactics. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

  • Starting at 10 AM EST June 27, 2019 DocuSign sent email communication to customers who have DocuSign accounts that are using our current Connect x.509 certificate.


    This email message was sent to inform account admins and IT contacts that we are renewing the certificate on the schedule that can be found here.


    This email message was erroneously sent to all account users who are using our current x.509 certificate. We apologize for any confusion this has caused.  If you are not the DocuSign account admin or IT contact please disregard that communication.

  • All DocuSign Connect x.509 certificates for Demo, NA1, NA2, NA3, EU, CA and AU have been re-issued and will be renewed between September and November 2019. After the change-over dates, only the renewed (new) certificates will be available for DocuSign Connect. The renewal schedule and new certificates have been posted here: https://www.docusign.com/trust/compliance/public-certificates

  • DocuSign has engaged a new service-specific subprocessor, Google LLC, to deliver an optional product feature within the DocuSign Signature service. This subprocessor will only be used if you choose to enable or purchase the optional product feature for auto-tagging.

    Please review the details of this subprocessor, DocuSign’s commitments under our BCR-P Privacy Code, and your options for objecting to the subprocessor here: https://www.docusign.com/trust/privacy/subprocessors-list

  • DocuSign has observed a new phishing campaign that began around 8:00 on the morning of May 23rd  (Pacific Time).. The email purports to come from "DocuSign Electronic Signature and Invoice Service” or similar using the email address "[email protected]"  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious Microsoft Office document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

  • On May 14th, 2019 Microsoft released a fix for a remote code execution vulnerability (CVE-2019-0708) residing in Remote Desktop Services and affecting Windows 7, Windows Server 2008 and Windows Server 2008 R2 operating systems. In keeping with our security best practices, we would like to assure customers that all impacted DocuSign systems were immediately patched.

  • DocuSign has observed a new phishing campaign that began around 8:30 on the morning of April 16th (Pacific Time) and is coming in at a very quick rate. The email purports to come from "DocuSign Electronic Signature and Invoice Service” or similar using the email address "[email protected]".  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious Microsoft Office document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

  • The DocuSign SSL site certificates for NA1 and NA2 are expiring. The renewal schedule and renewed certificates have been posted here: https://www.docusign.com/trust/compliance/public-certificates

     

  • DocuSign has observed a new phishing campaign that began around 8:00 on the morning of April 9th (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service” or similar using the email address "[email protected]".  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

  • DocuSign is proceeding with our scheduled Single Sign-On certificate replacement plan.  DocuSign is already issuing authentication requests with the new certificate in all environments.  Next, DocuSign will no longer accept SAML responses encrypted with the old certificate in all environments starting April 11th, 2019 at 4:00 PM PST.

    Please review if your Identity Provider (IdP) has enabled SAML encryption.  If your IdP uses a DocuSign certificate to encrypt SAML responses, you must replace the old certificate with the new certificate found here: https://www.docusign.com/trust/compliance/public-certificates. Failing to update this certificate will not allow a user to log into DocuSign. If you are unsure how to complete these steps please contact your IdP.

  • DocuSign has observed a new phishing campaign that began around noon of April 4th (Pacific Time). The email purports to come from "DocuSign Electronic Signature” using the email address "[email protected]".  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

Pages