DocuSign has admitted they were the victim of a data breach that has led to massive phishing attacks which used exfiltrated DocuSign information.

They discovered the data breach when DocuSign customers were being targeted with phishing campaigns. They are now advising customers to filter or delete any emails with subject lines like:

  • Completed: [domain name] – “Wire transfer for [name] Document Ready for Signature”
  • Completed: [domain name / email address] – “Accounting Invoice [number] Document Ready for Signature”
  • Subject: “Legal acknowledgement for [recipient name] Document is Ready for Signature”

The campaigns all have Word documents as attachments and use social engineering to trick users into activating Word’s macro feature, which will download and install malware on the user’s workstation. DocuSign warned that it is highly likely there will be more campaigns in the future.

Before clicking on any links or opening any documents, Think Before You Click. Were you waiting on a document that needs to be signed? No? Then don’t click. Were you waiting on a document, but the email looks different than usual? Call and verify with the sender before clicking. Another recent example listed the sender’s domain as dousign.com instead of docusign.com – stay vigilant and look for these little errors.
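For mail administrators, the two checks described above (the advised subject lines and a look-alike sender domain such as dousign.com) can be automated. The following is an added example, not code from DocuSign or from this article; the sample messages, addresses and the edit-distance threshold of 2 are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAIN = "docusign.com"

# Subject lines from the advisory; bracketed fields become wildcards.
SUBJECT_PATTERNS = [
    re.compile(r"Completed: .+ [-–] .?Wire transfer for .+ Document Ready for Signature", re.I),
    re.compile(r"Completed: .+ [-–] .?Accounting Invoice .+ Document Ready for Signature", re.I),
    re.compile(r"Legal acknowledgement for .+ Document is Ready for Signature", re.I),
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return the reasons a raw message should be quarantined (empty list if none)."""
    msg = message_from_string(raw)
    reasons = []
    if any(p.search(msg.get("Subject", "")) for p in SUBJECT_PATTERNS):
        reasons.append("subject matches advisory pattern")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    base = ".".join(domain.split(".")[-2:])  # compare the last two labels only
    # Distance 0 is the real domain; 1-2 edits (assumed threshold) is a look-alike.
    if 0 < edit_distance(base, LEGIT_DOMAIN) <= 2:
        reasons.append(f"look-alike sender domain: {domain}")
    return reasons

# Constructed sample messages (headers only, not real mail).
SAMPLES = {
    "lookalike": "From: DocuSign <sender@dousign.com>\nSubject: Completed: example.com - "
                 "Wire transfer for J. Doe Document Ready for Signature\n\nbody",
    "legit": "From: DocuSign <sender@docusign.com>\nSubject: Please sign: contract\n\nbody",
    "subject_only": "From: billing@example.org\nSubject: Legal acknowledgement for "
                    "Pat Smith Document is Ready for Signature\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

The From header is easy to forge, so a clean result here does not prove a message is genuine; it only catches the two indicators named in this article.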

Feel free to share this article with your employees, friends and family. If you are interested in learning more about Security Awareness Training to help yourself and/or your staff with identifying potential phishing emails, please let me know. We have teamed up with one of the largest Security Awareness Training companies to help educate our clients about this important topic.