Alerts and updates

  • DocuSign has observed a new phishing campaign that began around noon of April 4th (Pacific Time). The email purports to come from "DocuSign Electronic Signature” using the email address "[email protected]".  The emails have the subject line similar to:

    "You received notification from DocuSign Service“

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB) 

  • DocuSign has observed a new phishing campaign that began the morning of April 2nd (Pacific Time). The email purports to come from "DocuSign Electronic Signature” using the email address "[email protected]".  The emails have the subject line similar to:

    "You received invoice from DocuSign Electronic Signature Service“

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)  https://www.docusign.com/sites/default/files/Combating_Phishing_WP_05082...

  • In January this year, DocuSign patched its online digital signature validation tool (validator.docusign.com) to ensure it could address the three digital signature vulnerabilities identified in a research paper by a team from Ruhr-University Bochum in Germany.

    Those vulnerabilities related to online validation services in general—they had no impact on the integrity or validity of a digital signature written to a document by the core DocuSign eSignature solution. In addition, given DocuSign had already patched the validator tool before the research paper was published, we have asked the researchers to update their online records accordingly.

  • On Monday March 4th, 2019 at approximately 4:00 PM PST DocuSign will replace their Single Sign-On certificate and simultaneously change the CA in all production environments. At that time DocuSign will only sign outbound SAML requests with a single certificate, the new certificate. Please take immediate action to update the SSO certificate and/or metadata URL within your IdP application as needed to prevent user login issues. If you are unsure how to complete these steps please contact your IdP.
  • DocuSign has observed a new phishing campaign that began the morning of February 14th (Pacific Time). The email purports to come from "DocuSign Electronic Signature” using the email address "[email protected]".  The emails all have the subject:

    "You received invoice from DocuSign Electronic Signature Service“

    These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • The DocuSign SSO certificate is expiring. The renewal schedule has been posted here:https://www.docusign.com/trust/compliance/public-certificates
  • DocuSign has observed a new phishing campaign that began the morning of January 14th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • The DocuSign Site certificates for Demo and EU are expiring. The renewal schedule has been posted here:https://www.docusign.com/trust/compliance/public-certificates

  • DocuSign has observed a new phishing campaign that began the morning of December 17th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of December 10th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of November 29th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address [email protected]. The emails all have the subject:

    "You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"

    These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • The DocuSign Entrust certificate is up for renewal. The schedule for the renewal has been posted here: https://www.docusign.com/trust/compliance/public-certificates

     

     

Pages