DocuSign Suffers Breach That Leads to Phishing Emails Sent to Their Users

Media Division | May 19, 2017

There are many clever scams out there that attackers will use to attempt to fool individuals and organizations into malicious traps.  One that has been circulating more frequently as of late involves getting users to download Microsoft Word documents that contain malicious code within them.  This is the method that was used in a large phishing campaign that was targeted toward users of DocuSign, an electronic signature company.

How the Phishing Campaign Was Targeted

Last week, DocuSign had discovered an increase in the amount of phishing emails that were imitating their brand, and they were being precisely targeted at users of the service.  With the type of securing service that DocuSign offers, it is not uncommon for scams to impersonate them, but the oddity was the frequency and precision targeting. Upon investigating the situation further, it was discovered that the reasoning behind this was that the company had been hacked.  An attacker had breached a “non-core system” that is used by DocuSign to send service announcement emails. This system had, of course, contained a significant amount of user emails, which the hacker had then used to launch a targeted phishing campaign.  Fortunately, the company emphasized the fact that only email addresses had been affected, meaning user’s names, passwords, Social Security numbers, and other such data was not compromised.

The emails would originate from a domain that was similar to that of DocuSign and purported themselves as the company. As mentioned above, the phishing campaign had asked the recipients to download a malicious Microsoft Word document. In attacks like these, the goal is often to get the user to download the document and then enable macros, which is essentially code embedded within the document.  Once macros are enabled, it allows the malware to then carry out its destructive purpose, such as stealing information or linking the device to a botnet.

DocuSign stated that they had taken immediate action to increase security and that they have been in contact with law enforcement. There does not appear to be any reports in regard to the method used by the attacker to breach DocuSign, nor whether the hacker has been identified.

The Importance of Anti-Phishing Solutions

Phishing attacks like the above are employed heavily by cyber attackers, as they are easy to launch and continue to have great success.  In fact, they are one of the most prevalent types of cyber attacks. As more people fall victim to these scams, the more attackers continue to use them. This is why it is necessary that an organization and individuals have anti-phishing solutions in place. One major part of this is ensuring that employees are educated upon the indicators of these campaigns, as they are then able to identify and report them, rather than falling victim.  Many phishing attacks are successful simply because of an undereducated individual clicking on a malicious link or attachment.  While prevention of phishing attacks is important, there is also the need to be prepared for the event of a successful breach.  Organizations need to be able to mitigate the immediate threat, as well as trace and eliminate the source of the campaign. Those who rely purely on prevention often find themselves scrambling in the event of a successful attack. Massive Alliance offers anti-phishing solutions that can not only help to prevent these types of attacks but also assist those who have been breached and require mitigation.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.