recommended reading

Threatwatch

Phishing Campaign Targets Electronic Signature Service DocuSign Users

Network intrusion; Spear-phishing

DocuSign, an electronic signature service, warned of a convincing phishing campaign targeting its users.

Since May 9, DocuSign had been tracking an increase in phishing emails that ask users to download a Word document with embedded malware. The company announced Monday a third party accessed a “non-core system” that allowed it to get users’ email addresses but not other information such as names, addresses or the documents being shared.

So the phishing campaign is targeting people who expect to click on links in DocuSign emails.

The company urged users to send suspicious emails to spam@docusign.com and delete any messages from unfamiliar or unexpected senders, that contain attachments or include misspelled domain names.

“We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies,” the company said.

sector

Web Services

reported

May 16, 2017

reported by

IT News

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

May 09, 2017