Alerts and updates
-
11/20/2017
Read about our top pointers to help you stay safe online.
DocuSign uses the latest innovations and industry knowledge to keep our customers safe, but it takes awareness and dedication from everyone involved to reach maximum security.
Remember: online safety starts with you, and you are the first and best line of defense in fighting online fraud. Learning how to identify and steer clear of phishing scams, social engineering attempts, and other types of online fraud is the best way to protect yourself and your information.
Here are a few tips to help get you started:
Create complex, unique passwords and keep them secure – don’t write down or share passwords, and be extra careful when using public or shared computers
Take IT precautions to protect against spam – keep your anti-virus software up-to-date, provide trainings on phishing and fraudulent activities, etc.
Be on the lookout for fraudulent emails and unsafe websites – proceed with caution when accessing unfamiliar emails and websites. Unrecognizable links, bad grammar and misspellings, and fake greetings can all be red flags that indicate a phishing email. For website safety, make sure “https” is in your browser address bar if you are entering any personal information.
Visit our Personal Safeguards page for more safety essentials - including our Combating Phishing white paper (3.3 MB) - to help keep you and the greater online community safe. -
11/16/2017
DocuSign has observed a new phishing campaign that began the morning of November 16th (Pacific Time)
The email comes from Lowell Joye (note this name is likely to change) and was sent from the email address [email protected]. The subject of the email is “Your Legally Binding Contract document is ready for signature!” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our phishing white paper (3.3 MB).
-
10/16/2017
DocuSign has observed a new phishing campaign that began the morning of October 16th (Pacific Time).
The email comes from Manuel Robinson (note this name is likely to change) and was sent from the email address [email protected]. The subject of the email is “Your document Receipt 12345 for <email> is ready for signature!” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/27/2017
DocuSign has observed a new phishing campaign that began the morning of Septemeber 27 (Pacific Time).
The email comes from Michael Evans (note this name is likely to change) and was sent from the email address [email protected] or [email protected]. The subject of the email is “Your Invoice 12345678 for [email protected] Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/14/2017
DocuSign has observed a new phishing campaign that began the morning of September 14th targeting individuals in the APAC region.
The email comes from "Stephanie Riches via DocuSign” (note, this name is subject to change) using the email address [email protected] (note the “R”). The email has the subject “Please DocuSign: Shareholder.pdf” and it contains a link to a zip file which in turn contains a malicious javascript file. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/06/2017
Apache issued a security alert on September 5, 2017 for Struts, an open source framework for creating Java web applications. The component performs unsafe deserialization and could lead to a remote code execution vulnerability.
DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.
For more information, you can reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 or https://struts.apache.org/docs/s2-052.html.
-
09/06/2017
DocuSign has observed a new phishing campaign that began the morning of September 6th (Pacific Time).
The email comes from "Warner Amann via DocuSign” (note, this name is subject to change) using the email address [email protected]. The email has the subject “Your Bill 123456 for yourdomain.com Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
08/28/2017
DocuSign has observed a new phishing campaign that began the morning of August 28th (Pacific Time).
The email comes from ""Greg Taylor & Associates, via DocuSign” using the email address [email protected] with the subject “Your document Settlement 123456 is ready for signature!” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
08/25/2017
The DocuSign Trust Center is the best source of information regarding alerts or threats to the DocuSign environment.
Always leverage official DocuSign channels to ensure information you receive regarding alerts or threats is accurate. For example, we have been alerted that certain companies are using the DocuSign name (coupled with inaccurate information on security threats) to enhance sales of their security products and services. Stay proactively informed on alerts and threats by subscribing to our DocuSign Support Twitter feed #AskDocuSign or find the latest accurate information by visiting us here at https://docusign.com/trust.
-
08/16/2017
DocuSign has observed a new phishing campaign that began the morning of August 16th (Pacific Time).
The email comes from "Danna & Associates PC” using the email address [email protected] with the subject “Your document Invoice 123456 is ready to be signed!” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
07/18/2017
DocuSign has observed a new phishing campaign that began the morning of July 18th (Pacific Time).
The email comes from “Carl Evans” using the email address [email protected] with the subject “Your document Leasing Contract 123 for <recipient_domain> is ready for signature” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
06/12/2017
DocuSign has observed a new phishing campaign that began the morning of June 12 (Pacific Time).
The email comes from William Scott “[email protected]” with the subject “Please review your document Invoice <1234567> for <recipientdomain.com>” and it contains a link to a malicious, macro-enabled Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).