Alerts and updates
Subscribe using the DocuSign Trust Center Alerts RSS feed URL: https://www.docusign.com/trust/alerts/feed.
Add an RSS reader extension to your browser (Chrome, Firefox), or enable via Outlook on a PC.
-
06/02/2020
Please add DocuSign’s new IP range to your allowlist (192.103.120.1 through 192.103.123.254) to avoid service disruptions. DocuSign will be scaling it’s service to start using this new range starting 6/26/2020. The current ranges still remain valid. DocuSign IP ranges are advertised on https://www.docusign.com/trust/security/esignature.
-
06/01/2020
The DocuSign CLM and CLM.CM June 20.5 Product Release will be deployed to the UAT environment on Thursday, June 11, 2020 between 8:00 PM and 11:00 PM, US Central Time.
We don't anticipate any impact to availability or access during this Product Release.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions.
-
05/27/2020
DocuSign has discovered several new phishing campaigns that spoof DocuSign and are COVID-related. All below campaigns were found in the wild. Details are shared for each below.
- From: "Payment Request via DocuSign" <user[@]puabenefit-pay8645752893[.]info> or <filling[@]serv-docpay873644[.]com>
Reply-to: user[@]doc-pay[.]info
Sent: Thursday, May 21
Subject: "RE: YOUR COVID19 PAYMENT FILLING STATUS" or "COVID-19 HEALTH PAYMENT STATUS" or similar
Link displays as: hxxps://mindscriptstech[.]com/wp-admin/documen0t9853/doc-new/
- From: "DocuSign Via Arnulfo Smitham" <docusign-donot-reply[@]Yourpad[.]com>
Sent: Thursday, May 21
Subject: "Affidavit_for_Covid-19 from Yourpad[.]com" or similar
Link displays as: hxxps://bit[.]ly/3bnBEsw
Links redirects to: hxxps://realestatesproperties[.]estate/x787xe8ruh22@/11d4b7f8a0da369d11a95c2ee2267796/
95aed2504a6a43d4034b22cacbba5607/login.php?cmd=login_submit&id=5aea4dece5073ba5a0f7113d90b4b62
35aea4dece5073ba5a0f7113d90b4b623&session=5aea4dece5073ba5a0f7113d90b4b6235aea4dece5073ba5a0f
7113d90b4b623
- From: "KEVIN WATSON" <grayshillrealty[@]yahoo[.]com>
Sent: Wednesday, May 20
Subject: "Re: Docu sign. :Complete : File NO 8874871 COVID-19 Report ,termi AND HUD approver QWKLDQXPSO" or similiar
Link displays as: No URL was provided in the message
- From: "Payment Request via DocuSign" <user[@]puabenefit-pay8645752893[.]info> or <filling[@]serv-docpay873644[.]com>
-
05/13/2020
DocuSign has observed several new phishing campaigns that spoof DocuSign and are COVID-themed. Details for each are below.
- The email sender appears as "DocuSign" from suspended[@]sign-doc.com, and indicates in the body that your 'docusign account is temporarily suspended.' The subject line is similar to "Your Docusign account is suspended" The emails contain a link to a malicious URL [http]://covid19.protected-forms[.]com/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwhczov
L3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
WduX3J1bl9pZD0zMTQ3MDEw
that leads to [https]://secured-login[.]net/pages/a4daec9595e1/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwh
czovL3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
WduX3J1bl9pZD0zMTQ3MDEw.
- The sender again appears as "DocuSign" from carmen.schultz[@]t-online.de. The subject line is similar to "Notification: You have received a document." The email body suggests that the World Health Organization has sent you a document: "COVID-19 impact, situation updates, and policy responses." A malicious URL [https]://storage[.]googleapis[.]com/worldhealthorganization/index[.]html
takes you to
[https]://virtualmallglobal[.]com/documents/login[.]html.
- The email sender appears as "Rebecca Campbell" from jogina[@]randallmorris.com. The subject line is similar to "Completed: Docusign_FinalApproval/Clear to Close the property/Covid-19 Affidavit." This malicious URL [https]://bit[.]ly/39jkv28
takes you to
[https]://realestateescrowdocument[.]estate/x787xe8ruh22@/
8af0a1fdf1fb6005665d2bc4d5fa7c77/2816dde2b84c88df5e1cd134bf
15c431/login[.]php?cmd=login_submit&id=f8b98db5e70b2e47bf110c6e8e9fef69f8b
98db5e70b2e47bf110c6e8e9fef69&session=f8b98db5e70b2e47bf110c6e8e9fef69f8b98db5e70b2e47bf110c6e8e9fef69.
- The email sender appears as "DocuSign via Jimenez: from kjimenez[@]lindsey.com. The body of the email includes the contact Jimenez[@]Keystonetitle.com, claiming that your close time is curbside and scheduled for "1:30pm on 5/013/20." The subject line is similar to "RE: REG 2440 COVID-19 Affidavit and ALTA SETTLEMENT ID no: 244053 , pls sign Thanks." The malicious URL [https]://bit[.]ly/3afxh33
sends you to
[https]://generalbamrealtors[.]com/x787xe8ruh22@/ac8120f50c6ca29c78fbd84cde5ab7d5/28428aa5229cf9c9c1
ba35239609aa0e/login.php?cmd=login_submit&id=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7c
c3b9e97e04eb11&session=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7cc3b9e97e04eb11.
- The email sender appears as "DocuSign via Maureen Wilkinson" from nrakosy6468720[@]springhillres.com. The subject line is similar to "FWD:2668502 Please DocuSign this document: Change_to_Listing_COFIC-19_2_1211.pdf." The malicious URL [http]://waiting[.]website/3akIIpr
leads you to
[https]://realestatesproperties[.]estate/x787xe8ruh22@/6baadc89159617043965f9e1889224e7/099043c11c86
f05f70d165635ea65814/login.php?cmd=login_submit&id=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89
f4af812573622f86d4485f&session=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89f4af812573622f86d4485f.
These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete these emails immediately.
For more information on how to spot phishing, please see our Combating Phishing white paper.
- The email sender appears as "DocuSign" from suspended[@]sign-doc.com, and indicates in the body that your 'docusign account is temporarily suspended.' The subject line is similar to "Your Docusign account is suspended" The emails contain a link to a malicious URL [http]://covid19.protected-forms[.]com/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwhczov
-
05/07/2020
DocuSign has observed several new phishing campaigns that spoof DocuSign. Details for each are below.
1. The email sender appears as PEUT, Debra (depeut1) from dpeut1[@]eq.edu.au. The subject line is similar to "Internal Revenue Service (COVID-19 Stimulus Check)" The emails contain a link going to anbar.co/scdc/.
2. The email sender appears as DocuSign from dchernoff1[@]comcast.net. The subject line is similar to "Incoming Document Notification." The emails contain a link that takes you to cristianmponce.com/docsign.com-access-document/docusign/login.html.
3. The email sender appears as CU #COVID Electronic Documents via Docusign from betsy[@]austinhomestaging.com, and the name Owen G Kellerman is in the body as the sender. The subject line is similar to "CU #COVID: Document update for app 65799414." The emails contain a link and directs you electronic_documents[@]coronavirus-ctrl.org.
4. The email sender appears as "DocuSign via Tavares Schmitt from hicom-hap6710636[@]cbn.net.id. The subject line is similar to "FWD: 3754013 Please DocuSign this document: Change_to_Listin." The emails contain a link that takes you to waiting.website/34ufmba. Additional names referenced in the body of the email are Deron Rice, Montale Moving Services LLC, Mahwah Movers, Corinne Benvenuto, and Monica Reyes. Additionally, it states that "Rodora signed At Tuesday, May 5, 2020, Deron Rice opened and viewed your documents. Please this document: Change_to_Listing_Covid-19_2_1211.pdf."
These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete those emails immediately.
For more information on how to spot phishing, please see our Combating Phishing white paper.
-
05/06/2020
DocuSign has observed a new phishing campaign that spoofs DocuSign with a fraudulent invoice notification, designed to harvest your Adobe Cloud credentials. The email appears to come from Mubanga, Chama though the body of the email uses the name Malyangu, Eric. It is using the domain '@plan-international.org.' The emails have the subject line similar to:
"Outstanding Invoice."
The emails contain a link that redirects to what looks like an Excel spreadsheet, but is actually a phishing page. The page itself appears blurred with a message appearing on the page, as a popup, asking recipients for their Adobe account details, including email address and password.
These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper.
-
05/04/2020
DocuSign CLM Production accounts will be unavailable Friday, May 15 from 21:00 - 24:00 CDT for the 20.4 Product release. We apologize for any inconvenience.
Release Notes for this upcoming release can be found on our Community Site.
Please contact Technical Support at https://support.docusign.com/ if you have any questions.
-
04/20/2020
DocuSign CLM UAT accounts will be unavailable Thursday, April 30, 2020 from 21:00 - 23:00 CDT for the 20.4 Product release. We apologize for any inconvenience.
Release Notes for this upcoming release can be found on our Community Site.
Please contact Technical Support at https://support.docusign.com/ if you have any questions.
-
04/16/2020
Your privacy and security are of the utmost importance to DocuSign. Many of the recent public concerns raised about the Zoom service center on issues related to the free or personal version of their service. DocuSign utilizes a highly encrypted enterprise version of Zoom for all its internal and external meetings and engagements. All video, audio, and screen sharing sessions are protected with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session.
In addition to this encryption, to secure and to prevent unexpected guests from joining our Zoom meetings and webinars, DocuSign has enhanced security across its Zoom implementation as of Wednesday, April 15. These security enhancements include requiring encrypted passwords to join and host meetings as well as to access meeting recordings. Additionally, we have enabled the waiting room feature by default to vet guests.
Passwords are enforced for all Zoom meetings including pre-scheduled, instant, and webinar formats. The encrypted passwords are embedded in the meeting link to enable “one-click” joining, so participants need not type a password when joining DocuSign Zoom sessions via this method.
We have been in touch with and collaborated with Zoom directly on these issues and concerns. We are confident that our DocuSign led Zoom meetings and events will continue to be secure moving forward.
-
04/13/2020
DocuSign has observed a new phishing campaign that spoofs DocuSign, suggesting that all contract documents associated with your "COVID-19 AFFIDAVIT for property" is completed. The email is coming from "brome526[@]bdhomes.com" and the URL within is https[:]//realestatesecuredocuments[.]org/2UCloO4. The final landing page is https[:]//realestateproperties.estate/x787xe8ruh22@/inline.php. The subject line is "Re: TK464351 COMPLETED DOCUSIGN : COVID 19 AFFIDAVIT for property" and similiar.
These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper.
-
04/13/2020
DocuSign has observed a new phishing campaign that spoofs DocuSign. The email is using the email address "Mario.DaSilvaMelo[@]du.edu." The emails have the subject line similar to:
"A Document was sent to you for review for Covid-19 update."
These emails contain a link to a malicious script. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)
-
04/13/2020
DocuSign has observed a new phishing campaign that spoofs DocuSign. The email appears to come from Monty Hardy, Monty[@]redapplefinance.com. The emails have the subject line similar to:
"UPDATE on COVID-19 LOCKDOWN."
These emails contain a link to a malicious script. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)