Alerts and updates

Subscribe using the DocuSign Trust Center Alerts RSS feed URL: https://www.docusign.com/trust/alerts/feed.
Add an RSS reader extension to your browser (Chrome, Firefox), or enable via Outlook on a PC.

  • The DocuSign CLM and CLM.CM August 20.6 Product Release will be deployed to the PROD environment (NA11, NA21, EU11, EU21) on Friday, August 7, 2020 between 21:00 and Midnight, US Central Time.

    We don't anticipate any impact to platform availability during this product release.

    Release Notes for this upcoming release can be found on the DocuSign Support Center.

    Please contact Technical Support if you have any questions.
  • The DocuSign CLM and CLM.CM August 20.6 Product Release will be deployed to the UAT environment on Thursday, July 23, 2020 between 8:00 PM and 11:00 PM, US Central Time.

    During this period, access to the UAT environment will be impacted. We apologize for any inconvenience.

    Release Notes for this upcoming release can be found on the DocuSign Support Center.

    Please contact Technical Support if you have any questions.
  • On 07/09/2020, we published an alert regarding the renewal of three previously issued certificates ahead of schedule due to a change initiated by DigiCert in their ICA infrastructure, revoking the Intermediate Certificate.

    We have updated the PROD enforce dates for these three re-provisioned certificates, which are listed below and available on the DocuSign Public Trust site at https://www.docusign.com/trust/compliance/public-certificates:

    • The Security Appliance certificate
    • The Signed By service certificate
    • The DigiCert Intermediate CA certificate
  • Due to a change initiated by DigiCert in their ICA infrastructure, we're renewing three previously issued certificates ahead of schedule. DigiCert will expire the following current certificates on July 30, 2020.

    • The Security Appliance certificate
    • The Signed By service certificate
    • The DigiCert Intermediate CA certificate. 

    These three certificates are available with their new offer and enforce dates on the DocuSign Public Trust site at: https://www.docusign.com/trust/compliance/public-certificates.

  • The DocuSign CLM and CLM.CM June 20.5 Product Release will be deployed to the PROD environments (NA11, NA21, EU11, EU21) on Friday June 26, 2020 between 21:00 and Midnight, US Central Time.

    We don't anticipate any impact to availability or access during this Product Release.

    Release Notes for this upcoming release can be found on the DocuSign Support Center.

    Please contact Technical Support if you have any questions.

  • Please add DocuSign’s new IP range to your allowlist (192.103.120.1 through 192.103.123.254) to avoid service disruptions. DocuSign will be scaling it’s service to start using this new range starting 6/26/2020. The current ranges still remain valid. DocuSign IP ranges are advertised on https://www.docusign.com/trust/security/esignature

  • The DocuSign CLM and CLM.CM June 20.5 Product Release will be deployed to the UAT environment on Thursday, June 11, 2020 between 8:00 PM and 11:00 PM, US Central Time.

    We don't anticipate any impact to availability or access during this Product Release.

    Release Notes for this upcoming release can be found on the DocuSign Support Center.

    Please contact Technical Support if you have any questions.

  • DocuSign has discovered several new phishing campaigns that spoof DocuSign and are COVID-related. All below campaigns were found in the wild. Details are shared for each below.

    1. From: "Payment Request via DocuSign" <user[@]puabenefit-pay8645752893[.]info> or <filling[@]serv-docpay873644[.]com>
      Reply-to: user[@]doc-pay[.]info
      Sent: Thursday, May 21
      Subject: "RE: YOUR COVID19 PAYMENT FILLING STATUS" or "COVID-19 HEALTH PAYMENT STATUS" or similar
      Link displays as: hxxps://mindscriptstech[.]com/wp-admin/documen0t9853/doc-new/
       
    2. From: "DocuSign Via Arnulfo Smitham" <docusign-donot-reply[@]Yourpad[.]com>
      Sent: Thursday, May 21
      Subject: "Affidavit_for_Covid-19 from Yourpad[.]com" or similar
      Link displays as: hxxps://bit[.]ly/3bnBEsw
      Links redirects to: hxxps://realestatesproperties[.]estate/x787xe8ruh22@/11d4b7f8a0da369d11a95c2ee2267796/
      95aed2504a6a43d4034b22cacbba5607/login.php?cmd=login_submit&id=5aea4dece5073ba5a0f7113d90b4b62
      35aea4dece5073ba5a0f7113d90b4b623&session=5aea4dece5073ba5a0f7113d90b4b6235aea4dece5073ba5a0f
      7113d90b4b623
       
    3. From: "KEVIN WATSON" <grayshillrealty[@]yahoo[.]com>
      Sent: Wednesday, May 20
      Subject: "Re:  Docu  sign. :Complete : File NO 8874871 COVID-19 Report ,termi AND HUD approver QWKLDQXPSO" or similiar
      Link displays as: No URL was provided in the message
  • DocuSign has observed several new phishing campaigns that spoof DocuSign and are COVID-themed. Details for each are below.

    1. The email sender appears as "DocuSign" from suspended[@]sign-doc.com, and indicates in the body that your 'docusign account is temporarily suspended.' The subject line is similar to "Your Docusign account is suspended" The emails contain a link to a malicious URL [http]://covid19.protected-forms[.]com/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwhczov
      L3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
      WduX3J1bl9pZD0zMTQ3MDEw
       
      that leads to [https]://secured-login[.]net/pages/a4daec9595e1/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwh
      czovL3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
      WduX3J1bl9pZD0zMTQ3MDEw
      .
       
    2. The sender again appears as "DocuSign" from carmen.schultz[@]t-online.de. The subject line is similar to "Notification: You have received a document." The email body suggests that the World Health Organization has sent you a document: "COVID-19 impact, situation updates, and policy responses." A malicious URL [https]://storage[.]googleapis[.]com/worldhealthorganization/index[.]html
      takes you to
      [https]://virtualmallglobal[.]com/documents/login[.]html.
       
    3. The email sender appears as "Rebecca Campbell" from jogina[@]randallmorris.com. The subject line is similar to "Completed: Docusign_FinalApproval/Clear to Close the property/Covid-19 Affidavit." This malicious URL [https]://bit[.]ly/39jkv28
      takes you to
      [https]://realestateescrowdocument[.]estate/x787xe8ruh22@/
      8af0a1fdf1fb6005665d2bc4d5fa7c77/2816dde2b84c88df5e1cd134bf
      15c431/login[.]php?cmd=login_submit&id=f8b98db5e70b2e47bf110c6e8e9fef69f8b
      98db5e70b2e47bf110c6e8e9fef69&session=f8b98db5e70b2e47bf110c6e8e9fef69f8b98db5e70b2e47bf110c6e8e9fef69
      .
       
    4. The email sender appears as "DocuSign via Jimenez: from kjimenez[@]lindsey.com. The body of the email includes the contact Jimenez[@]Keystonetitle.com, claiming that your close time is curbside and scheduled for "1:30pm on 5/013/20." The subject line is similar to "RE: REG 2440 COVID-19 Affidavit and ALTA SETTLEMENT ID no: 244053 , pls sign Thanks." The malicious URL [https]://bit[.]ly/3afxh33
      sends you to
      [https]://generalbamrealtors[.]com/x787xe8ruh22@/ac8120f50c6ca29c78fbd84cde5ab7d5/28428aa5229cf9c9c1
      ba35239609aa0e/login.php?cmd=login_submit&id=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7c
      c3b9e97e04eb11&session=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7cc3b9e97e04eb11
      .
       
    5. The email sender appears as "DocuSign via Maureen Wilkinson" from nrakosy6468720[@]springhillres.com. The subject line is similar to "FWD:2668502 Please DocuSign this document: Change_to_Listing_COFIC-19_2_1211.pdf." The malicious URL [http]://waiting[.]website/3akIIpr 
      leads you to
      [https]://realestatesproperties[.]estate/x787xe8ruh22@/6baadc89159617043965f9e1889224e7/099043c11c86
      f05f70d165635ea65814/login.php?cmd=login_submit&id=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89
      f4af812573622f86d4485f&session=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89f4af812573622f86d4485f
      .

    These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete these emails immediately. 

    For more information on how to spot phishing, please see our Combating Phishing white paper.

  • DocuSign has observed several new phishing campaigns that spoof DocuSign. Details for each are below.

    1. The email sender appears as PEUT, Debra (depeut1) from dpeut1[@]eq.edu.au. The subject line is similar to "Internal Revenue Service (COVID-19 Stimulus Check)" The emails contain a link going to anbar.co/scdc/. 

    2. The email sender appears as DocuSign from dchernoff1[@]comcast.net. The subject line is similar to "Incoming Document Notification." The emails contain a link that takes you to cristianmponce.com/docsign.com-access-document/docusign/login.html. 

    3. The email sender appears as CU #COVID Electronic Documents via Docusign from betsy[@]austinhomestaging.com, and the name Owen G Kellerman is in the body as the sender. The subject line is similar to "CU #COVID: Document update for app 65799414." The emails contain a link and directs you electronic_documents[@]coronavirus-ctrl.org. 

    4. The email sender appears as "DocuSign via Tavares Schmitt from hicom-hap6710636[@]cbn.net.id. The subject line is similar to "FWD: 3754013 Please DocuSign this document: Change_to_Listin." The emails contain a link that takes you to waiting.website/34ufmba. Additional names referenced in the body of the email are Deron Rice, Montale Moving Services LLC, Mahwah Movers, Corinne Benvenuto, and Monica Reyes. Additionally, it states that "Rodora signed At Tuesday, May 5, 2020, Deron Rice opened and viewed your documents. Please this document: Change_to_Listing_Covid-19_2_1211.pdf." 

    These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete those emails immediately. 

    For more information on how to spot phishing, please see our Combating Phishing white paper.

  • DocuSign has observed a new phishing campaign that spoofs DocuSign with a fraudulent invoice notification, designed to harvest your Adobe Cloud credentials. The email appears to come from Mubanga, Chama though the body of the email uses the name Malyangu, Eric. It is using the domain '@plan-international.org.' The emails have the subject line similar to:

    "Outstanding Invoice."

    The emails contain a link that redirects to what looks like an Excel spreadsheet, but is actually a phishing page. The page itself appears blurred with a message appearing on the page, as a popup, asking recipients for their Adobe account details, including email address and password.

    These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper.

  • DocuSign CLM Production accounts will be unavailable Friday, May 15 from 21:00 - 24:00 CDT for the 20.4 Product release. We apologize for any inconvenience.

    Release Notes for this upcoming release can be found on our Community Site.

    Please contact Technical Support at https://support.docusign.com/ if you have any questions.

Pages