DocuSign, a major player in the – please sign this digitally for me – space, has announced a data breach. This breach has since led to a series of malware phishing attacks targeting it’s customers. Now, the company stresses the breach as limited. The data stolen was limited to name and email address, so if you use good click restraint, you can protect yourself from any malware phishing attacks.
From the company…
“Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.
But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.”
Some subject lines to look out for include
- Completed: [domain name] – “Wire transfer for recipient-name Document Ready for Signature”
- Completed [domain name/email address] – “Accounting Invoice [Number] Document Ready for Signature”
- Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”
The thing is… cybercriminals are getting really crafty. You may remember the Google Docs scam from a few weeks ago. By the time you realize the link is bad, it’s too late.
So, you need to be smart, and you need to have a solid backup.
Want us to assess your backup, give us a call!