The perils of outsourcing
Sounds like their email marketing provider was compromised. No doubt marketing selected the said provider based on the color scheme of their website with no input from IT or security audit.
Electronic signatures outfit DocuSign has warned world+dog that one of its email systems was cracked by phisherpholk. The company has of late reported an extensive phishing campaign that sees messages with the subject line “Completed *company name* - Accounting Invoice *number* Document Ready for Signature” land in plenty of …
In the process of selling our house and our agent uses DocuSign for the contract and we are at a stage where we are nearing exchange so not impossible (although unlikely as it's with the solicitors at this point of course) that there would be something we needed to sign.
It's a pretty good fake and it was mainly because a couple of things looked off (i.e. no mention of the property, the domains in the links/from address, etc) and it had been trapped by my mail providers spam filter that I went looking for news of a leak. Considering the amount of spam they send about signing up for their service it's piss poor not to have been notified about this - plus it guarantees I wouldn't be paying for their service in future.