Alerts and updates

  • DocuSign has observed a new phishing campaign that began the morning of Septemeber 27 (Pacific Time).

    The email comes from Michael Evans (note this name is likely to change) and was sent from the email address [email protected] or [email protected]. The subject of the email is “Your Invoice 12345678 for [email protected] Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of September 14th targeting individuals in the APAC region.

    The email comes from "Stephanie Riches via DocuSign” (note, this name is subject to change) using the email address [email protected] (note the “R”). The email has the subject “Please DocuSign: Shareholder.pdf” and it contains a link to a zip file which in turn contains a malicious javascript file. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • Apache issued a security alert on September 5, 2017 for Struts, an open source framework for creating Java web applications.  The component performs unsafe deserialization and could lead to a remote code execution vulnerability.

    DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.

    For more information, you can reference:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 or https://struts.apache.org/docs/s2-052.html.

  • DocuSign has observed a new phishing campaign that began the morning of September 6th (Pacific Time).

    The email comes from "Warner Amann via DocuSign” (note, this name is subject to change) using the email address [email protected]. The email has the subject “Your Bill 123456 for yourdomain.com Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of August 28th (Pacific Time).

     The email comes from ""Greg Taylor & Associates, via DocuSign” using the email address [email protected] with the subject “Your document Settlement 123456 is ready for signature!” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • The DocuSign Trust Center is the best source of information regarding alerts or threats to the DocuSign environment. 

    Always leverage official DocuSign channels to ensure information you receive regarding alerts or threats is accurate. For example, we have been alerted that certain companies are using the DocuSign name (coupled with inaccurate information on security threats) to enhance sales of their security products and services. Stay proactively informed on alerts and threats by subscribing to our DocuSign Support Twitter feed #AskDocuSign or find the latest accurate information by visiting us here at https://docusign.com/trust.

  • DocuSign has observed a new phishing campaign that began the morning of August 16th (Pacific Time).

    The email comes from "Danna & Associates PC” using the email address [email protected] with the subject “Your document Invoice 123456 is ready to be signed!” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of July 18th (Pacific Time).

    The email comes from “Carl Evans” using the email address [email protected] with the subject “Your document Leasing Contract 123 for <recipient_domain> is ready for signature” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. 

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of June 12 (Pacific Time).

    The email comes from William Scott “[email protected]” with the subject “Please review your document Invoice <1234567> for <recipientdomain.com>” and it contains a link to a malicious, macro-enabled Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • If you would like to be automatically informed about the latest security updates and alerts, please follow @askdocusign (DocuSign Support) on Twitter, where we will be posting notifications when the Trust Center is updated.
  • DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time).

    The email comes from “[email protected]” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.

  • As part of our commitment to updating everyone as we identify new information during our investigation, we can now confirm that only people with a DocuSign account were impacted by this incident – those who signed a document without a DocuSign account were not among the list of email addresses that were accessed maliciously.

    That said, even though an employee or customer of yours would not be on the list unless they had an account with DocuSign, we would still encourage you to utilize the existing materials on the DocuSign Trust Center to help them avoid being the victims of phishing.

    As an update to the frequently-asked questions we originally included below:

    Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
    A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

    Q: Do I need to communicate to all of them?
    A: We would encourage you to utilize the existing materials on the Trust Center to help your employees, customers or customers’ customers protect themselves from phishing attacks.

    As always, please continue to Contact Support or call +1-800-379-9973 with any additional questions. 

Pages