Tech Alert: DocuSign Data Breach – Email Hacking Campaign
Here we go again, more pirates from the Dark Web’s waters have stolen information to hack your system.
These cyber pirates, also known as hackers, were able to compromise the customer and user email database of DocuSign, a major provider of electronic document signing services. In the back of your mind, I’m sure you’re thinking, “So what? A lot of people have my email address.”
Well, unfortunately, there is a TON of power in a list of emails.
While the initial discovery happened in early May 2017, the legs on this type of breach are long.
Circling back to our Deep Web article, do you think these hackers will retire these emails post-scamming efforts or sell them to the highest bidder?
Let’s investigate why they would do this, to begin with.
What is Social Engineering?
Social engineering is the biggest trick of them all. It is a deception-based message, usually an email, that tricks you into taking some kind of action. This can include downloading something, opening an attachment, or giving access to confidential/personal information.
These schemes are most successful when the hackers know that you’re a customer or use a particular service. They might also tailor it to include other information they’ve found about you online.
Let's Set the Stage:
You are a customer of DocuSign, or you’ve been using DocuSign to buy a house. You get an email that looks and sounds just like other DocuSign emails you have received. You download the attachment from this “secure” email and BAM, just like that, your whole system has been compromised.
That simple act has infected everything because you allowed your computer to open that ONE attachment. Pretty scary stuff, right?
How the DocuSign Phishing Email Campaign is Being Used
The email campaign is just what it sounds like; the hacker is sending out emails parading as DocuSign. This email is meant to trick you into clicking on something that seems safe and familiar.
Here are a couple of examples (subject lines taken from screenshots) of emails that have been sent out already, courtesy of KnowBe4:
- Completed: [domain name] – "Wire transfer for recipient-name Document Ready for Signature"
- Completed [domain name/email address] – "Accounting Invoice [Number] Document Ready for Signature"
- Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”
While, thus far, these email attacks have used Word document attachments that ask you to activate macros, DocuSign has released a statement warning that more campaigns, using different methods of attack, are likely to follow.
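As an added illustration (not code from the original post, DocuSign or KnowBe4) of how a mail gateway or help desk could flag messages that fit the pattern described above, the following Python script scores a message on four signals: a DocuSign brand mention from a sender domain that is not DocuSign's own, a subject line matching the lure wording quoted above, a macro-capable Office attachment, and a Reply-To domain that differs from the From domain. The sample messages are constructed for the example, and the list of legitimate DocuSign sending domains is an assumption you should check against real notifications you have received.

```python
import os
import re
from email.utils import parseaddr

# Subject wording observed in the campaign (quoted in the post via KnowBe4),
# generalized into one pattern so minor variations still match.
LURE_SUBJECT_RE = re.compile(
    r"(wire transfer|accounting invoice|legal acknowledgement)\b.*"
    r"\bdocument (is )?ready for signature",
    re.IGNORECASE,
)

# Extensions that can carry Office macros. The campaign used Word files that
# ask the reader to enable macros; .doc and .docm are the Word-specific ones.
MACRO_CAPABLE_EXTENSIONS = {".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm"}

# ASSUMPTION: the sending domains a genuine DocuSign notification would use.
# Verify against your own received mail before relying on this list.
LEGIT_DOCUSIGN_DOMAINS = {"docusign.com", "docusign.net"}

LOOKALIKE_SENDER = "LOOKALIKE_SENDER"
LURE_SUBJECT = "LURE_SUBJECT"
MACRO_ATTACHMENT = "MACRO_ATTACHMENT"
REPLY_TO_MISMATCH = "REPLY_TO_MISMATCH"

# Constructed sample messages (hypothetical domains under .example).
SAMPLE_MESSAGES = [
    {   # genuine-looking notification from a DocuSign domain, no attachment
        "id": "m1",
        "from": "DocuSign <dse@docusign.net>",
        "subject": "Completed: Your lease agreement is ready",
        "attachments": [],
    },
    {   # lookalike sender, campaign subject wording, macro-enabled Word file
        "id": "m2",
        "from": "DocuSign <noreply@docusign-secure.example>",
        "subject": "Completed: example.org – Wire transfer for J. Smith "
                   "Document Ready for Signature",
        "attachments": ["Document.docm"],
    },
    {   # no brand mention, but lure subject and a mismatched Reply-To
        "id": "m3",
        "from": "Accounts <billing@partner.example>",
        "reply_to": "collect@other.example",
        "subject": "Accounting Invoice 4471 Document Ready for Signature",
        "attachments": ["invoice.pdf"],
    },
]


def sender_domain(header_value):
    """Lowercased domain of an address header such as 'Name <user@host>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def display_name(header_value):
    """Display-name part of an address header ('' if there is none)."""
    name, _ = parseaddr(header_value or "")
    return name


def score_message(msg):
    """Return the list of phishing indicators found in one message dict."""
    reasons = []
    from_domain = sender_domain(msg.get("from"))
    subject = msg.get("subject", "")

    # Brand impersonation: "DocuSign" in the display name or subject, but the
    # mail did not come from a DocuSign domain.
    brand_context = (display_name(msg.get("from")) + " " + subject).lower()
    if "docusign" in brand_context and from_domain not in LEGIT_DOCUSIGN_DOMAINS:
        reasons.append(LOOKALIKE_SENDER)

    if LURE_SUBJECT_RE.search(subject):
        reasons.append(LURE_SUBJECT)

    for filename in msg.get("attachments", []):
        if os.path.splitext(filename)[1].lower() in MACRO_CAPABLE_EXTENSIONS:
            reasons.append(MACRO_ATTACHMENT)
            break

    reply_domain = sender_domain(msg.get("reply_to"))
    if reply_domain and reply_domain != from_domain:
        reasons.append(REPLY_TO_MISMATCH)
    return reasons


def verdict(reasons):
    """Map indicators to a handling decision for the gateway or help desk."""
    if MACRO_ATTACHMENT in reasons or LOOKALIKE_SENDER in reasons:
        return "quarantine"
    if reasons:
        return "review"
    return "deliver"


def triage(messages):
    """Score every message; returns {id: (verdict, reasons)}."""
    result = {}
    for msg in messages:
        reasons = score_message(msg)
        result[msg["id"]] = (verdict(reasons), reasons)
    return result


if __name__ == "__main__":
    for msg_id, (decision, reasons) in triage(SAMPLE_MESSAGES).items():
        print(f"{msg_id}: {decision:10s} {', '.join(reasons) or '-'}")
```

The macro-attachment and lookalike-sender signals are treated as strong enough to quarantine on their own, because either one is what actually delivers the payload in the scenario above; the subject wording and Reply-To mismatch are weaker and only route the message for human review.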
Time to Beef Up Security
Work with your managed IT service provider or IT department to get the word out to your employees about the potential threat. Everyone should be in the loop on email best practices.
Holding a staff meeting about safety tips wouldn’t be a bad idea either. Consider a short but effective refresher course that trains on the red flags to avoid. Perhaps your IT team can send a fake phishing email to all employees, company-wide. Exercises like this help identify which employees are more likely to accidentally fall for a phishing scam. It’s a teaching moment, not a setup.
Ultimately phishing scams can happen to anyone at any time. The best thing you can do is stay informed while working with your IT provider to keep your company’s security and best practices up to date.
Things change rapidly in the world of tech. We'll keep your business up-to-date on the latest information technology news so you can stay in the know.