DocuSign Confirms Hackers Gain Access to Email Addresses

May 16, 2017

DocuSign confirmed Tuesday that a malicious third party gained temporary access to a "non-core system" allowing it to steal email addresses.

According to DocuSign, non-public personal information was not accessed:

A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed.

DocuSign’s reported that its core e-signature service, envelopes and customer documents and data remain secure.

This confirmation followed an announcement by DocuSign that it detected an increase in phishing emails sent to some of its customers and users. The spoofed emails branded as if they came from DocuSign attempt to trick recipients into opening an attached Word document that, when clicked, install malicious software.  

The email addresses may be used to target those handling wire transfers. DocuSign recommended the following steps to ensure the security of your email and systems:

  • Delete any emails with the subject line, “Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
  • Ensure your anti-virus software is enabled and up to date.
  • Review DocuSign’s whitepaper on phishing

Additional tips

  • Be wary of emails that ask you to view or download files from people you do not know.
  • Also be cautions of emails that ask you to view files on services that you do not subscribe to.
  • Hover your mouse over the URL of links contained in emails to check their destination address. Don’t click suspicious links. To log into a service, open a new web browser and type in the URL manually.
  • Be wary of services that ask you to provide log-in credentials for a number of different email providers. This is a trick scammers use to a widen their phishing net, allowing them to steal details from users.

Additional Resources


Contact ALTA at 202-296-3671 or communications@alta.org.

SoftPro, based in Raleigh, NC, offers a mature suite of products, designed specifically for the closing and title industry. Our mission is to serve our client base, with best-in-class products and services. Our products are modular so we don't force you to buy anything you don't need. You can always add on as your business grows. Unlike other software companies, we view the sale as the beginning of the relationship rather than the end. North American Title Insurance Company (NATIC) is a seasoned title insurance underwriter, helping title agents to achieve their individual business goals for more than 50 years. Today, the company conducts real estate settlement services in 39 states and the District of Columbia through a network of experienced, independent agents.