Another day, another data incident. If you use DocuSign, you’ll want to pay attention.

The provider of e-signature technology has acknowledged a data breach in which an unauthorized third party gained access to the email addresses of DocuSign users. Those addresses have since been used to launch a massive spam campaign. By combining the stolen email address database with “official”-looking messages, the cybercriminals are betting that recipients will be more likely to open the malicious links and attachments.

DocuSign’s alert to users says in part:

[A]s part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

A portion of the phish in the malicious campaign looks like this:

[Image: excerpt of the phishing email used in the campaign]

Two phishing campaigns already detected and more likely

The DocuSign Trust Center has posted alerts notifying users of two large phishing campaigns launched on May 9 and again on May 15.

The company is now advising customers NOT TO OPEN emails with the following subject lines, used in the two spam campaigns.

  • Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature
  • Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature
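
As an added illustration (not part of the original post or anything DocuSign publishes), here is a small Python matcher that turns those two subject-line templates into patterns and runs them over a handful of constructed sample subjects; it folds en dashes and stray whitespace first so near-identical variants still match. The campaign labels, field names and sample subjects are assumptions chosen for the example.

```python
import re
import unicodedata

# Subject-line templates from the DocuSign Trust Center alerts quoted above.
# The bracketed parts ([domain name], [Number], recipient-name) are slots the
# attacker fills in, so each becomes a named capture group here.
CAMPAIGN_PATTERNS = {
    "wire-transfer (May 9)": re.compile(
        r"^completed:\s*(?P<sender>\S+)\s*-\s*wire transfer for\s+(?P<recipient>.+?)"
        r"\s+document ready for signature$", re.IGNORECASE),
    "accounting-invoice (May 15)": re.compile(
        r"^completed\s*(?P<sender>\S+)\s*-\s*accounting invoice\s*(?P<number>\S+)"
        r"\s+document ready for signature$", re.IGNORECASE),
}

def normalize_subject(subject: str) -> str:
    """Collapse whitespace and fold en/em dashes to '-' so lookalike variants match."""
    s = unicodedata.normalize("NFKC", subject)
    s = s.replace("\u2013", "-").replace("\u2014", "-")
    return " ".join(s.split())

def classify_subject(subject: str):
    """Return (campaign label, extracted fields) or None if no known lure matches."""
    s = normalize_subject(subject)
    for label, pattern in CAMPAIGN_PATTERNS.items():
        m = pattern.match(s)
        if m:
            return label, m.groupdict()
    return None

# Constructed sample subjects (not real mail): two lures plus benign traffic.
SAMPLE_SUBJECTS = [
    "Completed: example.com – Wire transfer for Jane Doe Document Ready for Signature",
    "Completed jane@example.com - Accounting Invoice 48213 Document Ready for Signature",
    "Completed: Q2 contract Document Ready for Signature",
    "Lunch on Friday?",
]

def flag_suspicious(subjects):
    """Map each subject to its campaign label, or None when no pattern matches."""
    result = {}
    for s in subjects:
        hit = classify_subject(s)
        result[s] = hit[0] if hit else None
    return result

if __name__ == "__main__":
    for subject, label in flag_suspicious(SAMPLE_SUBJECTS).items():
        print(f"{label or 'no match':28} {subject}")
```

A mail filter built on this should treat a match as a reason to quarantine or tag the message for review, not as proof of malice, since legitimate DocuSign notifications share much of the same wording.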

We recommend that you change your DocuSign password in light of this incident as an extra measure of caution. DocuSign, like other similar services, also offers two-factor authentication, and we strongly recommend that you take advantage of this extra security measure.

As always, think before you click.