Electronic signature technology company DocuSign has admitted that it suffered a breach of one of its computer systems resulting in stolen data including customer and user email addresses. The breach has allowed the hackers to target DocuSign customers and users to send phishing emails requesting wire transfers. This is particularly concerning since so many companies use DocuSign for electronic signatures and employees may not be alert or wary of receiving an email from DocuSign requesting authority to transfer funds.
The malicious malware that customers receive have in the subject line “Completed: docusign.com—Wire Transfer Instructions for recipient-name Document Ready for Signature.” The emails include a link to a Word document that contains malware. The emails spoof and use the DocuSign branding in the header and body of the email.
Customers and users of DocuSign should alert their users of the malicious malware and to be vigilant regarding any emails allegedly sent to them by DocuSign. DocuSign has requested that any users who receive a suspicious email forward it to firstname.lastname@example.org.
Employees associated with wire transfers in the organization should be alerted about this concerning malware campaign to protect against a successful intrusion and theft of funds.