A recent wave of DocuSign phishing emails has been linked to a data breach at the digital signature technology provider. A hacker gained access to a ‘non-core’ system that was used to send communications to users via email and stole users’ email addresses. The privately held company, which makes software to add legally compliant electronic signatures to documents, said only email addresses were accessed.
The data breach was discovered in the last two weeks when spam campaigns targeting clients were detected. As is typical in phishing attacks all emails used official branding and were created to look like official DocuSign emails. The subject lines of the email were also typical of recent CEO phishing scams, referring to invoices and wire transfer instructions. The phishing emails contained a link to a downloadable Microsoft Word document that contained malware.
The data breach only affected DocuSign account holders, not registered users of eSignature. It is currently unclear exactly how many email addresses were stolen, although the DocuSign website indicates the firm has more than 200 million users. The san Francisco based firm has been tracking the phishing emails and reports there are two main variations with the subject lines: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature,” or “Completed *company name* – Accounting Invoice *number* Document Ready for Signature.”
With careful thought and planning, organisations can significantly lower their exposure to a phishing attack and potential data breach. Failure to do so will result in direct financial loss and severe reputational damage.
Are you an IT professional that wants to ensure sensitive customer and staff data and devices are protected? Talk to a security specialist or Email us at info@titanhq.com with any questions.