Phishing Scam Targets DocuSign Customers


May 17, 2017 — DocuSign, Puget Sound Bank’s provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach of one of its computer systems. DocuSign stresses that the data stolen was limited to customer and user email addresses.

A complete forensic analysis has confirmed that only a list of email addresses was accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

During the week of May 8 and again the week of May 15, DocuSign detected an increase in phishing emails sent to some of their customers and users – and posted alerts on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of their process in response to phishing incidents, they confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

A complete forensic analysis confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

DocuSign confirmed that only people with a DocuSign account were impacted by this incident – those who signed a document without a DocuSign account were not among the list of email addresses that were accessed maliciously.

They continue to work with various law enforcement officials and will provide additional updates as they complete the investigation.

Please contact the staff at Puget Sound Bank at 425 455-2400 if you have any questions, including if you have received a suspicious email.

DocuSign has provided the following FAQ:
Q: What actually happened?
A:
• Last week and again yesterday, DocuSign detected an increase in phishing emails sent to some of their customers and users – and they posted alerts on the DocuSign Trust Center and in social media.
• The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.
• As part of their process in routine response to phishing incidents, DocuSign confirmed that their core eSignature service, envelopes and customer documents remain secure.
• However, as part of DocuSign’s ongoing investigation, yesterday DocuSign confirmed that a malicious third party had gained temporary access to a separate, non-core system used for service-related announcements.
• A complete forensic analysis has confirmed that only a list of email addresses was accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: Is my DocuSign envelope and data secure?
A: As part of DocuSign’s process in response to phishing incidents, they confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

Q: Has my instance of DocuSign been impacted?
A: DocuSign has no evidence that there is any impact to any instance of DocuSign, and as part of their process in response to phishing incidents, DocuSign confirmed that their core eSignature service, envelopes and customer documents remain secure.

Q: What information was impacted?
A: It was a list of email addresses stored in a separate, non-core system used for service-related announcements.

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, DocuSign can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Q: How many people were affected? How many email addresses compromised?
A: Right now DocuSign is still acting on the results of our ongoing investigation and cannot comment on those details.

Q: What systems were impacted?
A: As part of DocuSign’s ongoing investigation, we confirmed that a malicious third party had gained temporary access to a separate, non-core system used for service-related announcements.

Q: Was any other information impacted outside of my email address?
A: A complete forensic analysis has confirmed that only a list of email addresses was accessed: no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: How are you so sure only my email address was impacted?
A: A complete forensic analysis has confirmed that only a list of email addresses was accessed: no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed. DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Q: What should I do about this?
A: DocuSign recommends taking the following steps to ensure the security of your email and systems:
• Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
• Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender or weren’t expecting a document to sign, or because they contain misspellings (like ‘@docusgn.com’ without an ‘i’ or ‘@docus.com’), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
• Ensure your anti-virus software is enabled and up to date.
• Review DocuSign’s whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf
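
The checks in the steps above can be applied to a mailbox automatically. The following is an added example, not code from DocuSign or Puget Sound Bank: a Python triage function that flags the two quoted subject lines, look-alike sender domains, attachments, and links whose host is not one of the two named DocuSign hosts. The trusted sender domains, the 0.8 similarity threshold and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: trusted hosts are the two link prefixes the advisory names.
TRUSTED_LINK_HOSTS = {"www.docusign.com", "www.docusign.net"}
# Assumption: legitimate sender domains, inferred from those same names.
TRUSTED_SENDER_DOMAINS = ("docusign.com", "docusign.net")
# The two subject lines quoted in the advisory; colon and dash variants tolerated.
CAMPAIGN_SUBJECT = re.compile(
    r"^Completed:?\s+.+\s[–-]\s(Wire transfer for|Accounting Invoice)\s.+"
    r"\sDocument Ready for Signature$", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookalike(domain):
    """True for near-misses such as docusgn.com or docus.com."""
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS):
        return False
    return any(SequenceMatcher(None, domain, d).ratio() >= 0.8
               for d in TRUSTED_SENDER_DOMAINS)

def triage(raw):
    """Return the advisory's indicators tripped by a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if CAMPAIGN_SUBJECT.match(str(msg["Subject"] or "").strip()):
        hits.append("campaign-subject")
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if lookalike(domain):
        hits.append("lookalike-sender:" + domain)
    if next(msg.iter_attachments(), None) is not None:
        hits.append("attachment")
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL.findall(body.get_content() if body is not None else ""):
        parts = urlsplit(url)
        # Compare the parsed host exactly. A startswith() test on the URL would
        # accept https://www.docusign.com.signing.example/ as DocuSign.
        if parts.scheme != "https" or parts.hostname not in TRUSTED_LINK_HOSTS:
            hits.append("untrusted-link:" + (parts.hostname or url))
    return hits

# Constructed sample message (not a captured email); example.* names are placeholders.
SAMPLE = ("From: DocuSign <dse@docusgn.com>\n"
          "Subject: Completed: example.com - Wire transfer for jdoe "
          "Document Ready for Signature\n\n"
          "Review: https://www.docusign.com.signing.example/doc\n")
if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result means none of these indicators fired, not that the message is safe; the attachment indicator in particular will also fire on ordinary mail and is best used together with the others.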

May 17th 2017