Alerts and updates
-
02/14/2019
DocuSign has observed a new phishing campaign that began the morning of February 14th (Pacific Time). The email purports to come from "DocuSign Electronic Signature” using the email address "[email protected]". The emails all have the subject:
"You received invoice from DocuSign Electronic Signature Service“
These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
01/22/2019The DocuSign SSO certificate is expiring. The renewal schedule has been posted here:https://www.docusign.com/trust/compliance/public-certificates
-
01/14/2019
DocuSign has observed a new phishing campaign that began the morning of January 14th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
01/02/2019
The DocuSign Site certificates for Demo and EU are expiring. The renewal schedule has been posted here:https://www.docusign.com/trust/compliance/public-certificates
-
12/17/2018
DocuSign has observed a new phishing campaign that began the morning of December 17th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
12/10/2018
DocuSign has observed a new phishing campaign that began the morning of December 10th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
11/29/2018
DocuSign has observed a new phishing campaign that began the morning of November 29th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
11/13/2018
The DocuSign Entrust certificate is up for renewal. The schedule for the renewal has been posted here: https://www.docusign.com/trust/compliance/public-certificates
-
10/29/2018For the customers that explicitly allow internet addresses advertised by our service, please note that DocuSign has updated its IP address range as posted here: https://www.docusign.com/trust/security/features-configurations
-
10/17/2018
DocuSign has observed a new phishing campaign that began the morning of October 17th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/19/2018
DocuSign has observed a new phishing campaign that began the morning of September 19th (Pacific Time). The email purports to come from "DocuSign Electronic Signature" using the email address [email protected]. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/12/2018
Apache issued a security alert on August 22nd, 2018 for Struts, an open source framework for creating Java web applications. Under specific configuration there is possibility of Remote Code Execution that can be exploited by visiting a crafted URL.
DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.
For more information, you can reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776 or https://struts.apache.org/docs/s2-057.html.