Alerts and updates

  • DocuSign has observed a new phishing campaign that began the morning of December 5th (Pacific Time).

    The email comes from Tyrone Boulden (note: this name is likely to change) and was sent from the email address [email protected] (note: this sender may change). The subject of the email will be either “Please DocuSign: Order Form for <domain>” or “Please DocuSign Your Debit Acknowledgement form” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing, please see our Combating Phishing white paper (3.3 MB)

  • Learn about privacy at DocuSign and the steps we're taking to prepare for the upcoming GDPR. 

    While many organizations are just now focusing on how to protect customer data to comply with the General Data Protection Regulation (GDPR), DocuSign has already made significant strides, many of which apply to the GDPR:

    DocuSign has developed a strong compliance culture and security safeguards, as demonstrated in our ISO 27001 certification.
    We actively monitor regulator guidance of GDPR requirements to enhance our efforts, and like many cloud service providers, we are reviewing our data protection program and making adjustments to ensure compliance with the GDPR by May 2018. 

    DocuSign has also drafted Binding Corporate Rules (BCRs), including privacy codes, and has submitted them with supporting documentation to the supervisory authorities in Europe for approval. Our BCRs will help establish vigorous data protection practices throughout the Company and meet the European standards of data protection processed by DocuSign through our core Signature service.

    Only you and individuals authorized by your company have access to your documents. Your personal information stays private – even from DocuSign. There is no greater priority at DocuSign than the privacy and security of our customers’ information, data and documents.

  • DocuSign has observed a new phishing campaign that began the morning of November 29th (Pacific Time)

    The email comes from Alfonzo Copper (note this name is likely to change) and was sent from the email address [email protected]. The subject of the email is “Your Monthly Statement document is ready for signature!” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • Read about our top pointers to help you stay safe online. 

    DocuSign uses the latest innovations and industry knowledge to keep our customers safe, but it takes awareness and dedication from everyone involved to reach maximum security.

    Remember: online safety starts with you, and you are the first and best line of defense in fighting online fraud. Learning how to identify and steer clear of phishing scams, social engineering attempts, and other types of online fraud is the best way to protect yourself and your information.

    Here are a few tips to help get you started:

    Create complex, unique passwords and keep them secure – don’t write down or share passwords, and be extra careful when using public or shared computers
    Take IT precautions to protect against spam – keep your anti-virus software up-to-date, provide trainings on phishing and fraudulent activities, etc.  
    Be on the lookout for fraudulent emails and unsafe websites – proceed with caution when accessing unfamiliar emails and websites. Unrecognizable links, bad grammar and misspellings, and fake greetings can all be red flags that indicate a phishing email. For website safety, make sure “https” is in your browser address bar if you are entering any personal information.

    Visit our Personal Safeguards page for more safety essentials - including our Combating Phishing white paper (3.3 MB)  - to help keep you and the greater online community safe.

  • DocuSign has observed a new phishing campaign that began the morning of November 16th (Pacific Time)

    The email comes from Lowell Joye (note this name is likely to change) and was sent from the email address [email protected]. The subject of the email is “Your Legally Binding Contract document is ready for signature!” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of October 16th (Pacific Time).

    The email comes from Manuel Robinson (note this name is likely to change) and was sent from the email address [email protected]. The subject of the email is “Your document Receipt 12345 for <email> is ready for signature!” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of Septemeber 27 (Pacific Time).

    The email comes from Michael Evans (note this name is likely to change) and was sent from the email address [email protected] or [email protected]. The subject of the email is “Your Invoice 12345678 for [email protected] Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately. For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of September 14th targeting individuals in the APAC region.

    The email comes from "Stephanie Riches via DocuSign” (note, this name is subject to change) using the email address [email protected] (note the “R”). The email has the subject “Please DocuSign: Shareholder.pdf” and it contains a link to a zip file which in turn contains a malicious javascript file. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • Apache issued a security alert on September 5, 2017 for Struts, an open source framework for creating Java web applications.  The component performs unsafe deserialization and could lead to a remote code execution vulnerability.

    DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.

    For more information, you can reference:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 or https://struts.apache.org/docs/s2-052.html.

  • DocuSign has observed a new phishing campaign that began the morning of September 6th (Pacific Time).

    The email comes from "Warner Amann via DocuSign” (note, this name is subject to change) using the email address [email protected]. The email has the subject “Your Bill 123456 for yourdomain.com Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).

  • DocuSign has observed a new phishing campaign that began the morning of August 28th (Pacific Time).

     The email comes from ""Greg Taylor & Associates, via DocuSign” using the email address [email protected] with the subject “Your document Settlement 123456 is ready for signature!” and it contains a link to a malicious, macro-enabled Word document. This email is not sent from DocuSign. Do not click the link in this email, instead please forward it to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • The DocuSign Trust Center is the best source of information regarding alerts or threats to the DocuSign environment. 

    Always leverage official DocuSign channels to ensure information you receive regarding alerts or threats is accurate. For example, we have been alerted that certain companies are using the DocuSign name (coupled with inaccurate information on security threats) to enhance sales of their security products and services. Stay proactively informed on alerts and threats by subscribing to our DocuSign Support Twitter feed #AskDocuSign or find the latest accurate information by visiting us here at https://docusign.com/trust.

Pages