Lessons from the DocuSign Phishing Attack

May 5, 2017

DocuSign, a company that digitalizes the signature process and has been widely used throughout the real estate industry, confirmed that it fell victim to a phishing attack. Luckily, DocuSign took swift action to interrupt the attack and limit their access to information, has since increased security controls, and is working with law enforcement to try to find the source of the attack. The hacking otherwise could’ve had far-reaching consequences.

Best Practices related to the DocuSign hack:

  • Links sent by hackers containing likes to malware had the subject line, “Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. DO NOT open these emails.
  • If you believe you were sent a suspicious email from DocuSign, you can forward it to spam@docusign.com and then delete it immediately. Emails with typos, mysterious attachments, links to another website other than https://www.docusign.comor https://www.docusign.net, or unfamiliar email addresses should be forwarded.

General Best Practices to Avoid Phishing Attacks:

  • Regularly update your anti-virus software and make sure that it is enabled
  • Before transferring funds to the seller, call them to verify the transfer method and authenticity of any changes in instructions that you received via email. Never rely solely on email. Do your due diligence and make the call.
  • Never email financial information. Such information should be communicated via a secure online platform.
  • Similarly, if you are entering financial information into an online web portal, make sure that the website is secure. If it is secure, the URL will begin with “https.” The “s” indicates that it is “secure.”
  • If you are unsure about a hyperlink in the email, type the URL into the navigation bar yourself instead of clicking it and being redirected. A malicious link could be mimicking a legitimate one to launch a phishing attack.
  • Never open attachments from a suspicious email address. They may contain malware that can attack your computer.

Lakeside Title Company: Your Secure Partner for Title Insurance & Closing Services

Don’t become a victim!  Our staff at Lakeside Title Company are vigilant. Verify wiring instructions are not compromised by calling your personal title company contact while you’re at the bank initiating a wire. Check, double check and triple check when wiring money to anyone. Lakeside Title Company relies on the latest technology and our experienced staff of title professionals to make sure funds are safe with Lakeside Title! We just need to make sure they get to us to protect them! Visit our homepage today to learn more about our services.