DocuSign Breach Leads to Phishing Emails Being Sent to Customers

DocuSign, the company that allows users to electronically sign their documents, has recently been breached, and data about its customers has been exposed. Attackers are now using this information to send phishing emails that trick unsuspecting users into opening attachments, which leads to the installation of malware. The currently known subject lines of these malicious emails are:

  • Completed: [domain name] – "Wire transfer for recipient-name Document Ready for Signature"
  • Completed [domain name/email address] – "Accounting Invoice [Number] Document Ready for Signature"
  • Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”

If you see an email with any of these subjects, please delete it immediately. If you accidentally opened the attachment, please contact IT Security ASAP at security@ucla.edu.

Please note that the attackers can easily change an email’s subject, so as a general precaution we recommend that you never open attachments from emails that you were not expecting. If you ever doubt the legitimacy of an email and its attachments, call the sender directly to confirm that they sent the email and its contents.