Phishing scams shoot up after cyber attack on mortgage tech vendor

A company that provides digital document services for the mortgage industry has confirmed that a ‘malicious third party’ has gained access to as many as 100 million email addresses

Phishing scams shoot up after cyber attack on mortgage tech vendor
Digital signature company DocuSign has confirmed that a “malicious third party” has breached its system and gained access to as many as 100 million email addresses. Since the breach, there has been an uptick in phishing emails sent to DocuSign customers, according to the company.

DocuSign eSignature software, commonly used by mortgage companies, digitizes the signature process. The eSignature service was not accessed, according to the company. Nor did the breach access names, physical addresses, Social Security numbers or other sensitive information.

However, customer email addresses were accessed, and customers have received scam solicitations.

“The emails ‘spoofed’ the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software,” the company said in a statement.

DocuSign said that it took “immediate action” to prevent further unauthorized access to its system, and that it is working with law enforcement agencies on the incident. However, the company recommends that originators who use DocuSign take certain preventative steps “out of an abundance of caution.” These steps include:
  • Delete any emails with the subject line: “Completed: (domain name) – Wire transfer for (recipient name) Document Ready for Signature” or “Completed (domain name/email address) – Accounting Invoice (number) Document Ready for Signature.” These emails are not from DocuSign, according to the company. “They were sent by a malicious third party and contain a link to malware spam,” DocuSign said.
  • Forward any suspicious emails related to DocuSign to [email protected], then delete them from your computer. “They may appears suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like ‘docusgn.com’ without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” the company said.
  • Make sure your antivirus software is enabled and up to date.
For the latest information on the breach, visit the DocuSign Trust Site.


Related stories:
Data breach at top banking regulator exposes 10,000 records
Democrats target big banks for more details on data breaches