Scam of the Week: Massive DocuSign Phishing Attacks

One of the most popular online document-signing services has been the victim of a data breach. For a decade and a half, DocuSign has been a world leader in digitizing tasks that used to require pen and paper. The company has admitted that the breach led to massive phishing attacks that used exfiltrated DocuSign information.

So what exactly did the bad guys get? They got email addresses. Possibly more than 100 million of them. This may not seem like such a big deal at first, but nowadays cyber-criminals are able to refine their attacks and design emails that are almost impossible to tell apart from the real deal.

Here’s what you need to do: If you receive an email from DocuSign that has an attachment, DO NOT OPEN IT. Pick up the phone and call DocuSign to verify before you click on any DocuSign email. If you are at all doubtful of the legitimacy of the email, you shouldn’t click anything before calling DocuSign.

How does BECA protect against these emails? Our team uses Reflexion to filter all emails before they land in our users’ inboxes. One of our own engineers received a fake email purporting to be from DocuSign on Monday, but Reflexion trapped it first. The email never made it into his inbox. He only saw it when he was doing his weekly quarantine check. Stopping the bad emails before they even get into your inbox is one of the best ways to prevent viruses and malware.


As always – think before you click!
