Controllers of DocuSign endorse online communities to join their digital signature service. If you have ever attempted to sign or approve a document online, you might have exploited a comparable facility. The latter service administers other utilities that bring DocuSign positive evaluation from its clients and result in an affirmative reputation. Nevertheless, not a single online service is fully immune to attacks from hackers, and breaches of users’ information is not an exceptional repercussion. This time, we are discussing the leakage of digital data from DocuSign and the fact that the disclosed info was exploited to launch a spam campaign.
Deceptive letters from unknown sources became a headache about a month ago, but it is only now that DocuSign officially acknowledged that third-parties gave conducted an attack against their databases. While highly confidential details remain to be locked behind nine locks (credit card details, accounts’ credentials, names), hackers did manage to obtain a bouquet of email addresses. As a result, addresses that hackers managed to score became the targeted audience.
Unidentified third-parties aimed to compose emails that would look similar to letters that DocuSign would officially send to their clients. The establishment confirms that such an activity has been noted and their clients should proceed with caution. Even if you do assume that DocuSign has sent you a letter of confirmation (or basically any other type of message), you should not instantly presume its legitimacy. Pay attention to whether the received email is even remotely applicable to you: it might be that hackers will write vague statements, without including any individual information that would suggest its truthfulness.
Rogue letters will insinuate that a user is ought to download an attached executable as it will be the source of additional information. However, DocuSign clearly objects and stresses out that their legitimate representatives would never attach supplementary files. Additionally, the official service would also not include links to other websites in the email letters they sent around.
If you happen to be playing a role of the targeted DocuSign user, the service asks you to share the spam letter you received. Before permanently removing the message from your inbox, sent it to firstname.lastname@example.org.
It does not really matter which service reaches out to you and recommends you to download an attachment. Spam campaigns are very widespread, with new ones being detected each week. Fake messages have a tendency to contain grammatical errors, typos. Additionally, their senders’ email addresses are usually strange. One feature was already mentioned: the fact that they usually contain attachments or URLs to other websites.