Alerts and updates

  • Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media.

    The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

    However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

    We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies. Out of an abundance of caution as a trusted brand and to protect you from any further phishing attacks against your email, we’re alerting you and recommend taking the following steps to ensure the security of your email and systems:

     

    • Delete any emails with the subject line, “Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
    • Forward any suspicious emails related to DocuSign to [email protected], and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
    • Ensure your anti-virus software is enabled and up to date.
    • Review our white paper on phishing. (3.3 MB)  

    Your trust and the security of your transactions, documents and data are our top priority. The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence. 

    For updates and more information, please visit the DocuSign Trust Site where we will post any new information when it becomes available. If you have any questions, please email [email protected] or call +1-800-379-9973.

  • DocuSign is tracking a malicious email campaign where the subject reads: Completed *company name* - Accounting Invoice *number* Document Ready for Signature;The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

    These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including [email protected]. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses. 

    Please remember to be particularly cautious if you receive an invitation to sign or view a Document you are not expecting. If you have received a copy of the above email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the email to [email protected] and then immediately delete the email from your system.

    For further advice on how to recognize malicious emails and how to protect yourself you can visit our Trust Center here: https://trust.docusign.com/en-us/personal-safeguards/fraudulent-email-we...

    As a leader in online eSignature security and compliance, DocuSign has a zero-tolerance policy for this type of malicious email and is fully prepared to ensure minimal impact to our customers and company. As we’ve seen, this type of malicious activity is becoming more common, especially to organizations with established, trusted brands. Please note that this malicious activity has no relation to any activity DocuSign is involved.

  • DocuSign is tracking a malicious email campaign where the subject reads: "Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature”.

    The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware. 

    These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including [email protected] (note the missing "I"). Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses. 

    Please remember to be particularly cautious if you receive an invitation to sign or view a Document you are not expecting. If you have received a copy of the above email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the email to [email protected] and then immediately delete the email from your system.

    For further advice on how to recognize malicious emails and how to protect yourself you can visit our Trust Center here: https://trust.docusign.com/en-us/personal-safeguards/fraudulent-email-we...

    As a leader in online eSignature security and compliance, DocuSign has a zero-tolerance policy for this type of malicious email and is fully prepared to ensure minimal impact to our customers and company. As we’ve seen, this type of malicious activity is becoming more common, especially to organizations with established, trusted brands. Please note that this malicious activity has no relation to any activity DocuSign is involved.

  • Recently there was an issue reported by Cloudflare that impacted their edge servers.

    The issue in some cases involved surpassing the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive information. Portions of this data may have been cached by search engines and therefore it’s recommended to change your passwords to any services hosted by Cloudflare.

    DocuSign does not utilize Cloudflare in our Digital Transaction Management platform nor do we leverage this service for our corporate infrastructure.

    For more information, please see the link below: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Pages