Electronic signature company DocuSign is warning users to be on the lookout for malicious messages after hackers gained access to one of its systems and made off with user email addresses.
The company has detected an increase in phishing emails sent to some of its customers and users over the past week. The emails are spoofed to look like they're coming from DocuSign, and attempt to trick recipients into opening an attached Word document that contains malware.
The malware campaign comes after a "malicious third party" accessed a system DocuSign uses to email users. The hackers stole user email addresses; DocuSign said all other user information — including names, physical addresses, passwords, Social Security numbers, and credit card data — is safe.
"No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure," the company wrote.
The hackers have been targeting DocuSign users with malicious emails that include subject lines such as "Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature" and "Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature." If you see an email with one of these subject lines, delete it right away; it's not from DocuSign and contains a link to malware spam.
You can also forward any suspicious emails to DocuSign at spam@docusign.com. The company said to be cautious of emails that are sent from someone you don't know, contain an unexpected document to sign, contain misspellings (like "docusgn.com" without an 'i') or attachments, or direct you to a link that starts with something other than docusign.com or docusign.net.
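The subject-line and link checks described above can be automated in a mail triage script. The following is an added example, not DocuSign's code: the regular expressions are modeled on the two quoted subject lines, the sample message is constructed, and it assumes that subdomains of docusign.com and docusign.net count as legitimate.

```python
import re
from urllib.parse import urlsplit

# The two domains the article names as legitimate link destinations.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")

# Assumed patterns, modeled on the two subject lines quoted in the article.
SUBJECT_PATTERNS = [
    re.compile(r"^Completed:?\s.*Wire transfer for .* Document Ready for Signature", re.I),
    re.compile(r"^Completed:?\s.*Accounting Invoice .* Document Ready for Signature", re.I),
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message (hosts under .example are placeholders).
SAMPLE_SUBJECT = "Completed: corp.example – Wire transfer for jsmith Document Ready for Signature"
SAMPLE_BODY = (
    "Review your document: https://www.docusgn.com/view?id=1\n"
    "Help: https://www.docusign.com/support\n"
)


def host_is_trusted(url):
    """True only if the URL's actual host is a trusted domain or a subdomain of one."""
    try:
        # .hostname drops any "user@" prefix, so docusign.com@other.example
        # resolves to other.example and is rejected.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    # Match on a dot boundary so docusign.com.other.example and
    # notdocusign.com do not pass as trusted.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(subject, body):
    """Return the reasons a message resembles the campaign described in the article."""
    reasons = []
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("subject matches campaign pattern")
    for url in URL_RE.findall(body):
        if not host_is_trusted(url):
            reasons.append("untrusted link host: " + url)
    return reasons


if __name__ == "__main__":
    for reason in triage(SAMPLE_SUBJECT, SAMPLE_BODY):
        print(reason)
```

Comparing the parsed hostname, rather than checking whether the URL string contains or starts with "docusign.com", is what catches lookalike and embedded-name links.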
DocuSign said it "took immediate action" to shut down the breach and put security controls in place to prevent a similar intrusion in the future. The company is now working with law enforcement to further investigate the incident. If you have any questions, contact DocuSign at emailservice@docusign.com or call 1-800-379-9973.
"Your trust and the security of your transactions, documents and data are our top priority," the company wrote. "The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence."