Alerts and updates
Subscribe using the DocuSign Trust Center Alerts RSS feed URL: https://www.docusign.com/trust/alerts/feed.
Add an RSS reader extension to your browser (Chrome, Firefox), or enable via Outlook on a PC.
-
01/02/2019
The DocuSign Site certificates for Demo and EU are expiring. The renewal schedule has been posted here:https://www.docusign.com/trust/compliance/public-certificates
-
12/17/2018
DocuSign has observed a new phishing campaign that began the morning of December 17th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address docusign@hybels.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document or Microsoft Excel Spreadsheet which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
12/10/2018
DocuSign has observed a new phishing campaign that began the morning of December 10th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address docusign@qualitybumper.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
11/29/2018
DocuSign has observed a new phishing campaign that began the morning of November 29th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address docusign@jeffhartmd.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
11/13/2018
The DocuSign Entrust certificate is up for renewal. The schedule for the renewal has been posted here: https://www.docusign.com/trust/compliance/public-certificates
-
10/29/2018For the customers that explicitly allow internet addresses advertised by our service, please note that DocuSign has updated its IP address range as posted here: https://www.docusign.com/trust/security/features-configurations
-
10/17/2018
DocuSign has observed a new phishing campaign that began the morning of October 17th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice Service" using the email address docusign@vjfoods.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document which, if run, will download malware to your computer. These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/19/2018
DocuSign has observed a new phishing campaign that began the morning of September 19th (Pacific Time). The email purports to come from "DocuSign Electronic Signature" using the email address docusign@buckeye-express.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
09/12/2018
Apache issued a security alert on August 22nd, 2018 for Struts, an open source framework for creating Java web applications. Under specific configuration there is possibility of Remote Code Execution that can be exploited by visiting a crafted URL.
DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.
For more information, you can reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776 or https://struts.apache.org/docs/s2-057.html.
-
09/04/2018
DocuSign has observed a new phishing campaign that began the morning of September 4th (Pacific Time). The email purports to come from "DocuSign Signature and Invoice" using the email addresses docusign@talourd.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain a malicious PDF attachment linking to a malicious download site. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
08/22/2018
DocuSign has observed a new phishing campaign that began the morning of August 22nd (Pacific Time). The email purports to come from DocuSign using the email addresses docusign@vsimportservices.com. The emails all have the subject:
"You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service"
These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB).
-
08/07/2018
DocuSign uses the latest innovations and industry knowledge to keep our customers safe, but it takes awareness and dedication from everyone involved to reach maximum security. Read about our top pointers to help you stay safe online:
- Create complex, unique passwords and keep them secure: don’t write down or share passwords—and be extra careful when using public or shared computers.
- Take IT precautions to protect against spam: keep your anti-virus software up-to-date; provide trainings on phishing and fraudulent activities, etc.
- Be on the lookout for fraudulent emails and unsafe websites: proceed with caution when accessing unfamiliar emails and websites. Unrecognizable links, bad grammar and misspellings, and fake greetings can all be red flags that indicate a phishing email. For website safety, make sure “https” is in your browser address bar if you’re entering any personal information.
Remember: online safety starts with you. You’re the first and best line of defense in fighting online fraud. Learning how to identify and steer clear of phishing scams, social engineering attempts, and other types of online fraud is the best way to protect yourself and your information.
Visit our Security Resources page for more safety essentials, including our Combating Phishing white paper, to help keep you and the greater online community safe.