Beware of the DocuSign Phishing Scam

May 23, 2017 8:00:00 AM / by Wendy Ballard

Since the year 2000, when the Electronic Signatures in Global and International Commerce Act became a U.S. Federal law, “e-signing” digital documents has become a convenience for many businesses, large and small. It saves time, it saves trees, but is it putting your company at risk?

DocuSign.jpgOne popular service, DocuSign, admitted that hackers had gained temporary access to a non-core system DocuSign uses for service announcements. Their investigation determined that only email addresses were accessed – no names, social security numbers, credit card data or other sensitive information was compromised. While the electronic document signing company hasn’t declared how many email addresses were involved, Forbes estimates the number could be more than 100 million.

Hackers then used these email addresses for several phishing campaigns to DocuSign customers. The emails asked recipients to download a Word document attachment. Occasional users not familiar with DocuSign’s procedures may have been tricked into opening the malware-laden document.

If you receive email from DocuSign and you don’t recognize the sender (perhaps the email is misspelled), you were not expecting a document to sign, the email contains an attachment or directs you to a link that starts with something other than, forward the suspicious email to and delete it from your computer.

New Call-to-action

Be vigilant when opening emails, even from trusted business partners. Here are a few tips to protect your company from phishing attacks:

  • Carefully check the email address to make sure it is free of typos and from the organization it claims to be from.
  • Be wary of generic salutations, such as “Dear Valued Customer.”
  • Don’t let urgent subject lines (“Account suspended!” or “Unauthorized login”) startle you into rash action.
  • Check for spelling and grammar mistakes in the body of the email.
  • Review the signature section to ensure there is plenty of valid contact information.
  • Hover your mouse over any links embedded in the email. If the URL looks suspicious, don’t click on it.
  • Don't open e-mail attachments that you did not expect to receive.
  • Keep antivirus, antispam, and firewall software applications up-to-date.

If you have already opened a suspicious attachment and suspect you have been hacked, contact your I.T. department immediately or, if you are one of our clients, call our Lanspeed technicians for help.

Topics: Security, News & Events

Wendy Ballard

Written by Wendy Ballard

I’m Wendy, and I’m a free agent who helps out in the Accounting and Marketing departments at Lanspeed. I’m an entrepreneur who gets small business, but I’ve also navigated in the corporate environment. When I’m not blogging, you can find me hiking with my dog, reading a book, or dreaming of my next travel destination.

Top 15 most CRITICAL questions to ask about your network every month. 
Subscribe to our blog get a copy of our 100% free checklist:
Monthly IT Health Checklist

Search This Blog

Latest Posts

Popular Posts