Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the login-customizer domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131

Warning: Cannot modify header information - headers already sent by (output started at /home1/natiopq9/public_html/wp-includes/functions.php:6131) in /home1/natiopq9/public_html/wp-includes/feed-rss2.php on line 8
docusignphish Archives - The National Law Forum https://nationallawforum.com/tag/docusignphish/ Legal Updates. Legislative Analysis. Litigation News. Wed, 17 May 2017 16:32:58 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://i0.wp.com/nationallawforum.com/wp-content/uploads/2017/11/cropped-grey-temple-Converted.jpg?fit=32%2C32&ssl=1 docusignphish Archives - The National Law Forum https://nationallawforum.com/tag/docusignphish/ 32 32 111745018 Yesterday, #WannaCry. Today, #DocuSignPhish https://nationallawforum.com/2017/05/18/yesterday-wannacry-today-docusignphish/ Thu, 18 May 2017 15:39:38 +0000 http://nationallawforum.com/?p=13175 Another day, another data incident.  If you use DocuSign, you’ll want to pay attention. The provider of e-signature technology has acknowledged a data breach incident in which an unauthorized third party gained access to the email addresses of DocuSign users.   Those email addresses have now been used to launch a massive spam campaign.   By using … Continue reading Yesterday, #WannaCry. Today, #DocuSignPhish

The post Yesterday, #WannaCry. Today, #DocuSignPhish appeared first on The National Law Forum.

]]> Another day, another data incident.  If you use DocuSign, you’ll want to pay attention.

The provider of e-signature technology has acknowledged a data breach incident in which an unauthorized third party gained access to the email addresses of DocuSign users.   Those email addresses have now been used to launch a massive spam campaign.   By using the stolen email address database and sending “official” looking emails, cyber criminals are hoping that recipients will be more likely to click on and open the malicious links and attachments.

DocuSign’s alert to users says in part:

[A]s part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

A portion of the phish in the malicious campaign looks like this:

Two phishing campaigns already detected and more likely

The DocuSign Trust Center has posted alerts notifying users of two large phishing campaigns launched on May 9 and again on May 15.

The company is now advising customers NOT TO OPEN emails with the following subject lines, used in the two spam campaigns.

  • Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature

  • Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature

We recommend that you change your DocuSign password in light of this incident as an extra measure of caution.  Also, DocuSign (and other similar services) offer two-factor authentication, and we strongly recommend that you take advantage of this extra security measure.

As always, think before you click.

The post Yesterday, #WannaCry. Today, #DocuSignPhish appeared first on The National Law Forum.

]]> 13175