Scam of the Week: Massive DocuSign Phishing Attacks

One of the most popular sources for online document signing has been the victim of a data breach. For a decade and a half, DocuSign has been a world leader in digitizing tasks that used to require pen and paper. They have admitted to being the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information.

So what exactly did the bad guys get? They got email addresses. Possibly more than 100 million of them. This may not seem like such a big deal at first, but nowadays cyber-criminals are able to refine their attacks and design emails that are almost impossible to tell apart from the real deal.

Here’s what you need to do: If you receive an email from DocuSign that has an attachment, DO NOT OPEN IT. Pick up the phone and call DocuSign to verify before you click on any DocuSign email. If you are at all doubtful of the legitimacy of the email, you shouldn’t click anything before calling DocuSign.

How does BECA protect against these emails? Our team uses Reflexion to filter all emails before they land in our users’ inboxes. One of our own engineers received a fake email from DocuSign on Monday, but Reflexion trapped it first. The email never made it into his inbox. He only saw it when he was doing his weekly quarantine check. Stopping the bad emails before they even get into your inbox is one of the best ways to prevent viruses and malware.

docusign2

As always – think before you click!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s