If you ever work on contracts with other companies there is a good chance you will have found yourself signing a document electronically, and if that’s the case there’s a good chance you will have used the DocuSign digital signature service. You may not have even used the service so often that you barely think twice before clicking on links that the company sends to you.
The truth is, however, that you might be wiser to show more caution.
Earlier this month DocuSign detected that some of its customers and users were receiving emails purporting to come from the company, attempting to trick recipients into clicking on an attached Word document that would install malware.
The emails had subject lines like:
“Completed: [domain name] – Wire Transfer Instructions for [recipient name] Document Ready for Signature”
“Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”
So far, so not very unusual. It sounds like the usual story of online criminals forging email headers and spamming out malware posing as a legitimate communication.
But the story has become more serious, as DocuSign has now discovered that hackers managed to breach its systems and gain access to a system that allowed the attackers to send out emails to DocuSign’s customers.
“…today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
In short, the malicious emails pretending to come from DocuSign were really coming from DocuSign, albeit sent by an unauthorised third-party who had breached their systems.
DocuSign is asking users who have received suspicious emails to forward them to [email protected], before deleting them from their inbox.
The company is also underlining that it will never ask recipients to open a PDF, Word document or ZIP file attachment in an email.
Of course, following the breach your email address has fallen into the hands of hackers. They may use that to send you fraudulent emails designed to infect your computer with malware or steal your credentials, or they may even sell it on to other criminal gangs.
Keep your wits about you, and always be careful about clicking on unsolicited email attachments – even if it does appear to have been sent to you by a legitimate business.