If you’re not familiar with the company, DocuSign is used by 12 of the top 15 US insurance companies, 12 of the top 15 US financial services companies and by most real estate agents, nationwide.
It is an electronic platform that allows agents to send official documents to their clients for digital signatures, and as such, it’s used for everything from signing loan documents to establishing insurance policies. In short, the documents housed on DocuSign’s servers run the gamut of sensitive information for hundreds of millions of users around the world.
Knowing this, the hackers breached one of the company’s subsystems and managed to get their hands on the company’s email list.
Armed with this list, they copied DocuSign’s branding, logo and layout, and proceeded to send out emails that appeared to legitimately come from the company. But instead of official documents in need of signing, these emails contained poisoned Word documents containing macro-enabled malware.
The company took swift, decisive action when the breach was discovered, and the phishing attack has been derailed, but if you make use of the company’s services, you may have already received a bogus email.
Having completed their detailed forensic investigation, the company assured its users that none of the stored files were accessed. The hackers were only able to gain access to email addresses, which definitely limits the amount of damage that could be done.
Even so, if a user clicks on the poisoned attachment, there’s no way of knowing what sort of malware could be unleashed. All DocuSign users are urged to take extra care when opening emails that appear to be from the company and ensure that anything they click on is a link to a legitimate file that needs to be signed, and not a Word document.