DocuSign breach leads to phishing attack on users

DocuSign breach leads to phishing attack on users

Customer email database breached as company rushes to respond

Electronic verification company, DocuSign, is warning its users to be wary of emails purporting to be from the company after a breach left a list of customer email addresses in the hands of cyber criminals.

A week ago, the company warned customers of a malicious email campaign that copied its branding and email headers in an attempt to infect users with malware.

The company issued another warning this morning, telling users it had detected an increase in phishing emails sent to some of our customers and users.

The post said the emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

“As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure,” the company said.

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.

“A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.

"No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” it said.

The company said it took “immediate action” to prohibit unauthorised access to this system and had put further security controls in place, and are working with law enforcement agencies.

The company also issued a guide to users on how to prevent themselves from falling victim of the attack.

  • Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “” without an ‘i’ or, contain an attachment, or direct you to a link that starts with anything other than or
  • Ensure your anti-virus software is enabled and up to date.

“Your trust and the security of your transactions, documents and data are our top priority,” the company added in the post.

“The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence.”

DocuSign’s global user base is reported to exceed 40 million.

The phishing campaign comes the world’s online community continues to reel from the global malware exploit known as WannaCry, and its variants, which are being referred to as the “biggest ransomware outbreak in history”.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags breachmalwareDocuSign

Show Comments