Last week, DocuSign detected an increase in phishing emails sent to some customers and users. The emails "spoofed" the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when opened, installs malicious software.
A complete forensic analysis confirmed that only a list of email addresses was accessed—no names, physical addresses, passwords, social security numbers, credit card data or other information. No content or customer documents sent through DocuSign's e-signature system was accessed. DocuSign's core e-signature service, envelopes and customer documents and data remain secure.
As DocuSign continues to assess the depth of the breach, visit the DocuSign Trust Center for more information and updates. The Big "I" will have ongoing discussions with our contacts at DocuSign regarding how the attack may have affected member accounts and will relay any information we receive once it becomes available.
The internet is a critical component for your business to operate on the DocuSign Global Network. Those committing fraud seek to take advantage of this trusted relationship for illegal purposes. DocuSign continuously monitors for such activity in order to help safeguard customer information, documents and data. You are the first and best layer of defense in combating online fraud. Learning to properly detect and avoid online and email scams is the ultimate protection against fraud. Here are a few resources to get you started:
You can also check out the materials in the Trust Center to help your employees, customers or customers' customers protect themselves from phishing attacks. Email DocuSign or call 800-379-9973 with any additional questions.