Since the year 2000, when the Electronic Signatures in Global and International Commerce Act became a U.S. Federal law, “e-signing” digital documents has become a convenience for many businesses, large and small. It saves time, it saves trees, but is it putting your company at risk?
One popular service, DocuSign, admitted that hackers had gained temporary access to a non-core system DocuSign uses for service announcements. Their investigation determined that only email addresses were accessed – no names, social security numbers, credit card data or other sensitive information was compromised. While the electronic document signing company hasn’t declared how many email addresses were involved, Forbes estimates the number could be more than 100 million.
Hackers then used these email addresses for several phishing campaigns to DocuSign customers. The emails asked recipients to download a Word document attachment. Occasional users not familiar with DocuSign’s procedures may have been tricked into opening the malware-laden document.
If you receive email from DocuSign and you don’t recognize the sender (perhaps the email is misspelled), you were not expecting a document to sign, the email contains an attachment or directs you to a link that starts with something other than https://www.docusign.com, forward the suspicious email to spam@DocuSign.com and delete it from your computer.
Be vigilant when opening emails, even from trusted business partners. Here are a few tips to protect your company from phishing attacks:
- Carefully check the email address to make sure it is free of typos and from the organization it claims to be from.
- Be wary of generic salutations, such as “Dear Valued Customer.”
- Don’t let urgent subject lines (“Account suspended!” or “Unauthorized login”) startle you into rash action.
- Check for spelling and grammar mistakes in the body of the email.
- Review the signature section to ensure there is plenty of valid contact information.
- Hover your mouse over any links embedded in the email. If the URL looks suspicious, don’t click on it.
- Don't open e-mail attachments that you did not expect to receive.
- Keep antivirus, antispam, and firewall software applications up-to-date.
If you have already opened a suspicious attachment and suspect you have been hacked, contact your I.T. department immediately or, if you are one of our clients, call our Lanspeed technicians for help.