Phishing campaign alerts DocuSign to customer data breach

A bizarre email address or an obvious misspelling are good indicators that the recent email telling you to reset your Apple ID password isn’t what it seems. But there are more sophisticated (and believable) phishing attacks you have to watch out for, like the recent Google Docs scam that linked out to a legit-looking web app. Last week, DocuSign spotted an uptick in phishing emails imitating the company’s branding. Being in the business of secure document management, it’s not uncommon for DocuSign’s name to be on the face of a phishing email; but upon further investigation the firm discovered why this particular campaign was so targeted: It’d been hacked.

As it turns out, “a malicious third party” had managed to break into a “non-core system” that DocuSign uses to send out service announcement emails. This is why the phishing campaign has been so accurately targeting customers, though the red flag here is that emails ask recipients to download a Microsoft Word document (containing malware), which isn’t something a genuine DocuSign email would ever request.

The company stresses the breached system contained only a list of email addresses, that it has since been secured, and that all other data and services were untouched. Obviously it’s still not a good look for DocuSign given data security is an integral part of its pitch, but it’s an important reminder that just because an email looks above board at first glance doesn’t mean it can be trusted.

Via: Krebs on Security

Source: DocuSign

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On