We are seeing a particular piece of malicious spam making it's rounds that we would like to alert you to. The malicious email campaign includes the a subject that reads: "Please DocuSign this document: Contract_changes_08_27_2014.pdf" or "Completed: Please DocuSign this document : Confidential Company Agreement..pdf". Links within the email navigate you to non-DocuSign websites and includes a malware zip download. Sample of the email can be seen below:
Per Docusign, "Remember to always pay attention to the URL at the top of your DocuSign log-in. A DocuSign log-in page should begin with https://www.docusign.net. Legitimate DocuSign invitations to sign and completion emails also include a security code which can be entered into the "Access Documents" section of the .com site to securely access the document."
Please execute extreme caution if you receive an invitation to sign or view for an envelope you are not expecting or if you are not familiar with DocuSign's services. If you have received a copy of the malware spam email, DO NOT CLICK ANY LINKS or OPEN ANY ATTACHMENTS. Instead, forward the email to firstname.lastname@example.org and email@example.com and then immediately delete the email from your mailbox.
We are currently taking steps to adjust the filters on our end to capture similar emails going forward. If at anytime you are skeptical of an email you have received, please feel free to reach out to us for assistance. You can also find some additional steps on how to handle suspicious emails here. As we all have seen or heard, this type of malicious activity is becoming increasingly common, especially to organizations with established, trusted brands.
To receive email notices when new alerts are posted, please got to Forums > Using Redtail Email > Spam Alerts with Redtail's helpdesk and click the Subscribe option in the forum header above. Note: Make sure you are not within the actual article when selecting to subscribe as this will only subscribe to that particular article.
For a reference, see screen capture below: