A data breach at E-Signature company Docusign is reportedly behind another malware campaign which has been targeting users of the service over the last week.
A phishing email impersonates a genuine email – in this case one from Docusign requesting a digital signature – which contains link or attachments that deploy malware to your machine
The Docusign breach involved the theft of email addresses of users of the service. These users are now receiving email from false email addresses such as firstname.lastname@example.org with a ‘fake’ Microsoft Word attachment which contains the malware. DocuSign said only email addresses had been accessed in the breach.
“No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed,” the company advised.
“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
The company said it had put new security controls in place to prevent further breaches
It is important that end users treat any such emails with extreme caution and to delete them if in any doubt.
If you are interested in advanced email security solutions which help protect against phishing and social engineering emails, please contact our Sales Team on 0845 507 0846.