Did you get a DocuSign agreement sent to you lately that didn’t quite look right — and that had a Word document attached for download? If you downloaded that document, then you could have installed malicious software onto your device.

  • Last week, DocuSign warned users to be wary of unexpected emails with a certain subject line.
  • This week, the company shares more details, including the fact that the third party responsible for the email was able to access DocuSign customer email addresses (but nothing else, the company says).

Did you get a DocuSign agreement sent to you lately that didn’t quite look right — and that had a Word document attached for download?

If you downloaded that document, then you could have installed malicious software onto your device.

A week ago, the company posted a note in its Trust Center about the campaign. It warned users to be wary of unexpected emails with the subject line “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature” and including a Word document for download.

The invitation to download the document was “designed to trick the recipient into running what’s known as macro-enabled-malware,” said DocuSign in the post.

What’s the ‘malicious campaign’?

A valid DocuSign email will invite the recipient to view and sign a PDF through the company’s secure platform rather than attach a document download — but this campaign is targeting actual DocuSign customers, and many of them might not hesitate to download a document from a company they think they know.

DocuSign noted in its Trust Center that the emails are sent from email addresses not related to DocuSign — for example, “dse@docus.com.” “Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses,” the company added.

Earlier this week, DocuSign said that it “confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”

This is how that third party was able to get a hold of some DocuSign customer email addresses; the company says that’s all the hackers got, though. “No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed,” it stated. “No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

How can you protect yourself?

First, err on the side of suspicion. Are you expecting a document to examine or sign? No? Then be extra alert.

Next, look at the sender and the subject line. — if the email address domain says anything other than @docusign.com or @docusign.net, this could be part of the malicious campaign.

And if the subject line says “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” or “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature” — delete those emails; they didn’t come from DocuSign.

If the link inside the document directs you somewhere other than a www.docusign.com or a www.docusign.net domain — that’s not right.

DocuSign also suggests that all users ensure their anti-virus software is updated (and enabled) and offers a phishing white paper as a resource.

Email Amber Taufen

Like me on Facebook! | Follow me on Twitter!

Show Comments Hide Comments
Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Success!
Thank you for subscribing to Morning Headlines.
Back to top
×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription
×