13.06.2017

DocuSign Hacked!

Electronic signature service provider DocuSign has admitted customer email addresses were accessed in a data breach

Customers of the DocuSign e-signature platform have been receiving a series of phishing emails from a "malicious third party" after their details were accessed in another high profile hack.

DocuSign have insisted that no other information other than email addresses were accessed in the incident and that the service was now secured.

Even so, the company have advised customers to delete any suspicious messages.

The breech was uncovered when the number of phishing attacks sent to DocuSign customers spiked.

What is Phishing?

The malware included in Phishing emails could be used to steal passwords and banking details.

"Phishing is almost the default way of tricking people into giving away that information," Keith Martin, professor of information security at Royal Holloway, University of London. 

"Where it's targeting a bank, for example, the senders are going to use headers and language that'll make customers believe it's their bank.

"With a generic phishing trawl, the message will go out and the more people who click the better - it's literally like fishing, hoping to get some bites, chucking a message out there speculatively.

"With most, you don't need a very high success rate to make money."

How did this happen?

DocuSign store the email addresses and documents that have been sent using their systems. This leaves the information stored vulnerable to attack.

How can this be stopped?

Frama RMail provides the same service but due to the unique method by which the system works, this could never happen with the RMail platform.

RMail does not store any information on its servers and as such there is no sensitive information to be hacked in to and/or stolen.

Contact Frama today for a truly secure system for encrypted digital communication and e-signatures.

Contact us

*Source BBC News, Forbes Magazine