DocuSign – the company that lets users ‘sign’ documents digitally – has admitted they have been hacked.
During the data breach, hackers managed to take user email addresses, and cyber-criminals haven’t wasted any time as multiple users have already reportedly fallen victim to phishing emails.
The lack of delay means that DocuSign didn’t even have time to warn users that their information was compromised and to look out for “malicious third party” activity. Reportedly, users were enticed to click on a harmless looking Microsoft Word document, but the document contained certain malware to steal passwords and banking information.
DocuSign has spoken out about the data breach and ensured that “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed”.
“DocuSign’s core e-signature service, envelopes and customer document and data remain secure” continued the statement. Whilst it’s great news that most of the customer data was not compromised, we can’t ignore the risk users are still at even with just a stolen email address.
The danger of phishing scams
Phishing emails sound simple enough to avoid, but they remain a huge problem in today’s digital world. Many people often sign up to multiple newsletters and are often contacted by people we’re not completely familiar with.
Phishing emails have evolved from dodgy looking URL web links to realistic emails copying the image and names of trusted brands. A big concern is the lack of help provided for victims of phishing in many cases. If your credit card is stolen and the thief goes on a spending spree, the bank is likely to replace your card and any lost funds; but when it comes to lost funds through a phishing scam, banks may not be as sympathetic where they deem that you ‘voluntarily’ provided cyber criminals with access to your information.
Users should delete suspicious emails
DocuSign has urged users to delete any suspicious messages immediately, but for some it may be too late. After all, it’s becoming more and more difficult to distinguish a phishing email to a genuine one.
The company have been made aware that a number of the phishing emails were sent using the domain ‘docus.com’ and includes the following subject line: “Document Ready for Signature”. Busy workers may not have time to check and scrutinise every email they deal with, and one small oversight can release extremely harmful malware.
Phishing scams are extremely common
Keith Martin, a professor or Information Security at the university of London, explains that phishing is extremely common as it is easy to do and very effective in tricking recipients.
“Where it’s targeting a bank, for example, the senders are going to use headers and language that’ll make customers believe it’s their bank … it’s literally like fishing, hoping to get some bites, chucking a message out there speculatively.”
Sooner or later there will be ‘bites’ and malware will be released into the victims’ device, stealing more information.