back to article DocuSign forged – crooks crack email system and send nasties

Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk. The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* - Accounting Invoice *number* Document Ready for Signature” land in plenty of …

  1. Fazal Majid

    The perils of outsourcing

    Sounds like their email marketing provider was compromised. No doubt marketing selected the said provider based on the color scheme of their website with no input from IT or security audit.

  2. the Jim bloke Silver badge

    This is why...

    I delete all correspondence asking for money

    1. Anonymous Coward

      Re: This is why...

      Isn't it more usual for them to offer you money?

  3. Hopalong


    Well, as a user of Docusign (the agency I can currently with uses it for contract documents), I have received no warnings and four of these fake emails - which where assigned to the bin.

    The embedded link sends you to a Russian website.

    1. RyokuMas Silver badge

      Re: world+dog

      @Hopalong - same here: four mails so far and no warning.

    2. Alfie

      Re: world+dog

      Yeah, no warning and 2 emails weirdly from Josh $randon_surname

      Strangely enough I didn't feel the need to click on the links, but looked fairly authentic and you can imagine some numpty falling for it.

    3. Shrek

      Re: world+dog

      In the process of selling our house and our agent uses DocuSign for the contract and we are at a stage where we are nearing exchange so not impossible (although unlikely as it's with the solicitors at this point of course) that there would be something we needed to sign.

      It's a pretty good fake and it was mainly because a couple of things looked off (i.e. no mention of the property, the domains in the links/from address, etc) and it had been trapped by my mail providers spam filter that I went looking for news of a leak. Considering the amount of spam they send about signing up for their service it's piss poor not to have been notified about this - plus it guarantees I wouldn't be paying for their service in future.

  4. Anonymous Coward
    Anonymous Coward

    Yeah...same here. Lodsa junk and the scum responsible didn't bother to notify me either.

  5. Peter Durkee

    There must've been another similar run that went out as we got around 30 of them, but they were from all different ip addresses having nothing to do with Docusign. Presumably a botnet was doing the honors.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019