Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk.
The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* - Accounting Invoice *number* Document Ready for Signature” land in plenty of inboxes. As is the way with such things the mail carried a link to a Microsoft Word document bearing “macro-enabled-malware.”
DocuSign warned users about the flood of dodgy mails, checked its core systems and found them watertight.
But it's now admitted that its ongoing investigations found that “ … a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”
“A complete forensic analysis has confirmed that only email addresses were accessed,” the company says, adding that “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
The compromise of a DocuSign system means the phishing mails sent as a result will likely look rather authentic, making it more likely that users will click on them and the files to which they link.
If they do, those users will expose themselves to what DocuSign describes as “malware spam”.
Fighting back is easy: DocuSign advises deleting any mail with the following subject line:
Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.
The company says it's working with law enforcement authorities to sort this out and has hardened its systems with extra layers of security in an effort to stop this kind of thing recurring. ®