Security advisories | Feb 26, 2019

DocuSign Targeted Phishing Campaign

The Threat

A data breach has occurred at the electronic signature and digital transaction company DocuSign. The breach exposed customer email addresses to an unknown threat actor. Attackers are using the stolen email addresses to send DocuSign-branded phishing emails to clients.

eSentire customers are urged to exercise caution when handling any DocuSign-branded emails that arrive in their Inbox and access their documents directly from by entering the unique security code at the bottom of the email.

eSentire Response

  • eSentire is tracking the malicious links included in the phishing emails and adding them to the ‘block’ list on our Network Interceptor™ sensors.
  • If eSentire sensors observe successful malware infections, an alert will be issued (in accordance with our regular monitoring procedures).

Recommended Action

  • Hover over the link – URLs to view or sign DocuSign documents contain “” and always start with https.
  • Access your documents directly from by entering the unique security code, which is included at the bottom of every DocuSign email.
  • Do NOT open unknown or suspicious attachments, or click links – DocuSign will never ask you to open a PDF, office document, or zip file in an email.
  • Look for misspellings, poor grammar, generic greetings, and a false sense of urgency.
  • Enable multi-factor authentication where possible.
  • Use strong, unique passwords for each service – don’t reuse passwords on multiple websites.
  • Ensure your anti-virus software is up-to-date and all application patches are installed.
  • Contact the sender offline to verify the email’s authenticity, if you’re still suspicious.
  • Report suspicious DocuSign emails to your IT/security team and [email protected]
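
The link and attachment checks in the list above can also be applied automatically when triaging a reported message. The following is an added example, not eSentire or DocuSign code: `signing.example` is a placeholder for the legitimate domain (this page does not show it), and the extension list, function names and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: placeholder domain (not shown on this page) and an extension
# list standing in for "PDF, office document, or zip file".
TRUSTED_DOMAIN = "signing.example"
RISKY_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip")

class LinkCollector(HTMLParser):
    # Collects the real href targets, i.e. what hovering over a link reveals.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def check_link(href):
    """Return a finding string, or None if the link passes both checks."""
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        return f"not https: {href}"
    # Compare the hostname, not a substring: a lookalike can contain the trusted name.
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        return f"untrusted host: {href}"
    return None

def triage(msg):
    """List findings for one parsed message, in MIME part order."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"attachment: {name}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            findings += [f for f in map(check_link, collector.hrefs) if f]
    return findings

def sample_message():
    """Constructed sample: one good link, two bad links, one zip attachment."""
    msg = EmailMessage()
    msg.set_content("Please review your document.")
    msg.add_alternative('<a href="https://app.signing.example/d/1">View</a>\n'
                        '<a href="http://app.signing.example/d/2">View</a>\n'
                        '<a href="https://signing.example.login-check.test/d/3">View</a>',
                        subtype="html")
    msg.add_attachment(b"PK", maintype="application", subtype="zip", filename="Invoice.zip")
    return msg
```

Running `triage(sample_message())` flags the plain-http link, the lookalike host that merely contains the trusted name, and the zip attachment, while the legitimate https link passes.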

Additional Information

For the latest updates and alerts please visit:

Refer to this guide from DocuSign for more useful tips: