In past few days, I received five emails from contacts inviting me to click on a link to access DocuSign. My advice, DELETE, DON’T CLICK ON THE LINK. DocuSign was hacked by a third party that gained access to 100 million emails. It is using a phishing scam, and possibly sending malicious files. According to DocuSign, “no content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
You could be next. My advice, DELETE the email. DON’T CLICK ON THE LINK. If you are expecting contract documents… think twice before you click on links. If you open DocuSign, contact your IT admin and reset your Outlook password. I was lucky. Although I receive many emails from these contacts, I wasn’t expecting any contracts from them. I simply deleted the emails and now I am looking for more of this mischief. If I don’t respond to your email or open your attachment… don’t take it personally.
If I was attacked, enterprises have it far worse. RainKing Analytics believes that this could lead to a re-evaluation of bring your own device (BYOD) policies. Much like the response to the WannaCry Ransomware attack and the Google Docs Phishing scam, companies will need to increase their security efforts and invest in more security training for employees. In response to the DocuSign hack, it may also lead to a need for more effective security measures to prevent these attacks, as well as more frequent security assessments within organizations. Mobile Device Management (MDM) can help, but it seems like this is a good time to re-evaluate BYOD programs.