DocuSign, an electronic signature technology provider, reported Monday that an increase in phishing emails sent to users over the last week resulted from a security breach in a DocuSign system.
A third party accessed a “separate, non-core system,” gaining access to users’ email addresses, according to an update posted to the DocuSign website. The malicious emails sent to those addresses used the DocuSign brand and contained an attached Word document that installs malware when opened.
The company’s report states that other data, including users’ names, passwords, documents and social security numbers, were not part of the security breach.
“DocuSign’s core eSignature service, envelopes and customer documents remain secure,” according to the report.
The company stated that it took immediate action to increase security and is working with law enforcement.
DocuSign urges users to refrain from opening any attachments from DocuSign emails and delete emails with the subject lines, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
DocuSign also asked users to watch for links that do not match the company’s official domains, https://www.docusign.com or https://www.docusign.net.
Suspicious emails should be forwarded to firstname.lastname@example.org and then deleted.
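The indicators in the notice (the two subject lines, Word attachments, and links outside the official domains) can be turned into a mail-triage check. The sketch below is an added example, not code from DocuSign; the wildcard regexes, the `triage` and `is_official` helper names, and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

OFFICIAL = ("docusign.com", "docusign.net")  # domains named in the notice
# Subject lines from the notice; bracketed fields turned into wildcards (assumption).
SUBJECTS = [
    re.compile(r"^Completed: .+ [–-] Wire transfer for .+ Document Ready for Signature$", re.I),
    re.compile(r"^Completed:? .+ [–-] Accounting Invoice \S+ Document Ready for Signature$", re.I),
]
WORD_EXT = (".doc", ".docx", ".docm")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(url):
    """True only if the URL's host is an official domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as not official
        return False
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def triage(msg):
    """Return reasons to quarantine a parsed message (empty list = nothing matched)."""
    reasons = []
    subject = str(msg["Subject"] or "").strip()
    sender = str(msg["From"] or "")
    if any(p.match(subject) for p in SUBJECTS):
        reasons.append("subject")
    # Only judge links and attachments on mail that presents itself as DocuSign.
    branded = "docusign" in (subject + " " + sender).lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXT):
            if branded or "subject" in reasons:
                reasons.append("word-attachment:" + name)
        elif branded and part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                if not is_official(url):
                    reasons.append("off-domain-link:" + url)
    return reasons

def sample():
    """Constructed message imitating the campaign's shape; all values are made up."""
    m = EmailMessage()
    m["From"] = "DocuSign <notice@mailer.example>"
    m["Subject"] = "Completed: corp.example – Wire transfer for jdoe Document Ready for Signature"
    m.set_content("Review: https://www.docusign.com.login.example/sign\n"
                  "Help: https://www.docusign.com/support\n")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="msword", filename="Invoice.DOC")
    return m
```

Messages read from a mailbox can be parsed with `email.message_from_bytes(raw, policy=email.policy.default)` before being passed to `triage`. The host comparison is done on the parsed hostname, so a lookalike such as `www.docusign.com.login.example` is not treated as official.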