DocuSign Phishing: Data Breach Lead to Malware Phishing Campaign

This week, a data breach at DocuSign lead many customers to become the latest malware victims. Counterfeit emails convinced users to open an attachment that contained malicious software.

It is unclear how many individuals have been infected by this malware but DocuSign supports 200 million users in 188 countries, providing hackers with a huge target pool. This attack proves once again just how important advanced phishing protection is for all vectors.

A Data Breach lead to…

DocuSign admitted that they were the victim of a data breach earlier this week. Hackers accessed customer emails after infiltrating a separate system used by DocuSign to send service announcements to their users. However, hackers quickly exploited this email list for their own malicious phishing campaign. Luckily, this breach did not expose customer’s physical addresses, passwords, social security numbers, credit card details, or other personal information but the malware could give third-parties access to this data.

…Phishing Emails

DocuSign customers received an email informing them that they had received a wire transfer or accounting invoice that was ready for review. Once customers opened the attached Word document, their computers were quickly infected with malware that has the ability record passwords, banking information, and other confidential data.

Example of the phishing email targeting DocuSign users

Why It Works

Even though the threat of phishing and malicious software is nothing new, many individuals still don’t know what signs to look out for or don’t have adequate phishing protection. This DocuSign phishing attack utilized many of the common phishing tactics like:

  • Counterfeit branding and language: hackers used the standard DocuSign formatting, branding, and language to trick users into thinking the email was legitimate.
  • Slight email variation: The sender of the email came from a “docus.com” domain, a similar but slightly different domain from the real “docusign.com”.

You Need Advanced Phishing Protection

The DocuSign phishing attack proves once again just how important phishing protection is for all organizations. Hackers are not just targeting large corporations; they are targeting whoever they can to make the most profit. In this case, likely by selling the passwords and banking information gathered by the malware on the dark web.

The Vade Secure Solution

Our advanced email security software was able to block this attack from the very first email.

Unlike signature-based filters, our solution uses artificial intelligence with a layered analysis approach to protect against all types of known and unknown threats including:

Protect your organization with predictive email security from Vade Secure. For more information about our solution or for proof of concept contact us.

Sharing is caring:

By Sébastien GEST

Sébastien GEST
Tech evangelist VadeSecure

Leave a Reply

Your email address will not be published. Required fields are marked *