DocuSign, a very popular technology that allows you to electronically sign documents, has been the victim of a particularly dangerous malware phishing attack that inevitably puts customers at high risk for a breach. The reason this is especially risky case is because the malware is targeting users who are already expecting to click the DocuSign links in order to use the service. Another reason this attack is dangerous is because this service is incredibly common within businesses and the emails are very similar to the usual, non-threatening emails sent by DocuSign.

On May 9, a malicious email was sent from DocuSign with a subject line that read: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.”

This incident happened again on May 15, and May 17 with these subject lines:

– Completed [domain name/email address] – “Accounting Invoice [Number] Document Ready for Signature”

– – “Legal acknowledgement for [recipient username] Document is Ready for Signature”

DocuSign warned that highly likely there will be more campaigns in the future.

The emails contain Word documents attachments and use social engineering to trick users into activating certain features of Microsoft Word that will download and install the malware right on to your computer.

What should you do?

Be EXTRA wary of emails coming from DocuSign, if you don’t feel comfortable opening the email – don’t. You can always call the company and ensure that it’s a legitimate email before opening or clicking any links. For more information about protecting your business against phishing attacks, check out our blog post here.

If you’re expecting an email from DocuSign, don’t click any links provided in an email. Enter the security code that is included in each legitimate email on the DocuSign website. DocuSign has made a statement declaring that they will never ask any recipients to open a PDF, Office, or ZIP file in an email. If you’re prompted to do so, the odds are good it’s a phishing attack.

Please feel free to copy and paste this and send the following to your employees, friends, and family (source KnowBe4, Inc.).

“Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email.

Remember: Think Before You Click.”

For up to date information by the minute, check out DocuSign’s Trust Center here . Furthermore, if you think your computer may be infected or if you simply want to learn more about protecting your business from attacks like this, give us a call (781) 262-3849.