Alerts and updates

  • DocuSign has observed a new phishing campaign that began the morning of September 19th (Pacific Time). The email purports to come from "DocuSign Electronic Signature" using the email address [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • Apache issued a security alert on August 22nd, 2018 for Struts, an open source framework for creating Java web applications.  Under specific configuration there is possibility of Remote Code Execution that can be exploited by visiting a crafted URL.

    DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.

    For more information, you can reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776 or https://struts.apache.org/docs/s2-057.html.

  • DocuSign has observed a new phishing campaign that began the morning of September 4th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice" using the email addresses [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain a malicious PDF attachment linking to a malicious download site. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of August 22nd (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign uses the latest innovations and industry knowledge to keep our customers safe, but it takes awareness and dedication from everyone involved to reach maximum security. Read about our top pointers to help you stay safe online:

    • Create complex, unique passwords and keep them secure: don’t write down or share passwords—and be extra careful when using public or shared computers.
    • Take IT precautions to protect against spam: keep your anti-virus software up-to-date; provide trainings on phishing and fraudulent activities, etc.  
    • Be on the lookout for fraudulent emails and unsafe websites: proceed with caution when accessing unfamiliar emails and websites. Unrecognizable links, bad grammar and misspellings, and fake greetings can all be red flags that indicate a phishing email. For website safety, make sure “https” is in your browser address bar if you’re entering any personal information.

    Remember: online safety starts with you. You’re the first and best line of defense in fighting online fraud. Learning how to identify and steer clear of phishing scams, social engineering attempts, and other types of online fraud is the best way to protect yourself and your information.

    Visit our Security Resources page for more safety essentials, including our Combating Phishing white paper, to help keep you and the greater online community safe.

  • DocuSign has observed a new phishing campaign that began the morning of August 6th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] The emails all have the subject:

    "You received invoice from DocuSign Electronic Signature Service"

    These emails contain a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 19th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] The emails all have the subject:

    "ADP sent you a new document to sign"

    These emails contain a malicious Word document as an attachment, ADP-Document-3810922.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 16th, 2018 (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" (or similar) using the email address [email protected]. The emails all have the subjects:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 10th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You have a new document to review and sign"

    These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of June 5th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected] . The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of May 8th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected]. The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. This emails are not sent from DocuSign. Do not click the links in these emails, instead please forward them to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign will end TLSv1.0 support in our demo environment effective May 29, 2018. This will help customers plan and test for the end of TLSv1.0 support in our production environment, scheduled for June 25, 2018.

    This action will give customers time to update their integrations before our production environment ends support for TLSv1.0 on June 25, 2018.

    DocuSign’s end of support dates for TLSv1.0 are as follows:

    Environment TLSv1.0 Deprecation Date
    Demo May 29, 2018
    Production June 25, 2018

    For more information about TLSv1.0 deprecation, including instructions for testing and updating your browsers, please visit the DocuSign Support article here.

Pages