DocuSign Phishing Attacks
-
This is to say the least. I've gotten a number of these emails last week.
-
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
-
@Breffni-Potter said in DocuSign Phishing Attacks:
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
WTF are you talking about?
FFS, this is just a basic phishing email and has nothing to do with DocuSign getting breached.
-
C'mon, it's only a Russian domain. What harm could there be in clicking the link
-
@JaredBusch said in DocuSign Phishing Attacks:
@Breffni-Potter said in DocuSign Phishing Attacks:
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
WTF are you talking about?
FFS, this is just a basic phishing email and has nothing to do with DocuSign getting breached.
The phishing was based on three breaches.
-
We've been getting these emails too.
-
@JaredBusch said in DocuSign Phishing Attacks:
@Breffni-Potter said in DocuSign Phishing Attacks:
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
WTF are you talking about?
FFS, this is just a basic phishing email and has nothing to do with DocuSign getting breached.
But they were breached - you know that right? And many of their customers have reported getting phished since the breach happened.
-
@Dashrender said in DocuSign Phishing Attacks:
@JaredBusch said in DocuSign Phishing Attacks:
@Breffni-Potter said in DocuSign Phishing Attacks:
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
WTF are you talking about?
FFS, this is just a basic phishing email and has nothing to do with DocuSign getting breached.
But they were breached - you know that right? And many of their customers have reported getting phished since the breach happened.
Might be unrelated. We aren't a customer.
-
@scottalanmiller said in DocuSign Phishing Attacks:
@Dashrender said in DocuSign Phishing Attacks:
@JaredBusch said in DocuSign Phishing Attacks:
@Breffni-Potter said in DocuSign Phishing Attacks:
We ditched DocuSign because their API was limited to Enterprise only plans at a crazy amount of money.
For a company that is selling trust in the form of digital signatures, a breach like this is pathetically embarrassing.
WTF are you talking about?
FFS, this is just a basic phishing email and has nothing to do with DocuSign getting breached.
But they were breached - you know that right? And many of their customers have reported getting phished since the breach happened.
Might be unrelated. We aren't a customer.
Correct. This is a phishing email. While data involved from their breach may well have been used to seed some emails for better luck in getting responses, the email itself is simply a phishing email.
I have them in multiple client admin accounts and I know that there are no Docusign users at these clients.
-
As everybody noticed, the delivery vector for these phishings is email. So an email filtering engine that is capable of detecting phishing attacks, either by recurrent pattern detection (like Cyren), or via URL extraction and checks (like Kaspersky or BitDefender), when in place, will keep your users safe. These phishing emails are also caught by open source engines like the veteran SpamAssassin or the new kid on the block OrangeAssassin (from SpamExperts).
