Fraud Prevention

New breach prompts widespread phishing alerts

David Pollino
Fraud Prevention

Unfortunately you don’t have to look very far for signs major hacking incidents; I see them daily while monitoring news reports. This week DocuSign was one of the brands that became a victim.

Young business woman leaning in to look more closely at what's on her computer monitor.As you may have read, hackers breached the electronic-signature company’s systems and stole email addresses that were soon targeted with phishing emails. The actual number of stolen addresses is still unclear, according to Inc. But what is clear is the breach should be a reminder to us all about being vigilant while using email. (Full disclosure: Bank of the West is a customer of DocuSign.)

Follow updates from DocuSign

First, for customers of DocuSign or those who have used one of its products, you can check on updates and alerts from the company on its site. Similarly, business owners who use DocuSign can follow alerts at its Trust Center for questions or guidance on sharing relevant information with customers.

Second, customers who receive an email that looks like it may come from DocuSign (but actually from a domain such as “dousign.com,” “docusing.com” or “docus.com”) should be very careful. Do not open any attachments. Rather than opening the email or clicking any link in it, recipients should log in to their DocuSign account to access any relevant documents to sign.

Tips for identifying a phishing email

Here are several signs to help identify and avoid a phishing attempt.

1. If you don’t recognize the sender of the email, be on alert. If the sender of a DocuSign envelope is unknown and you doubt the email’s authenticity, look for a unique code — included in all DocuSign envelopes — at the bottom of the notification email.

  • If there is a security code, access your documents directly from the DocuSign site, using the unique security code.
  • If there is no security code, do not click on links or open attachments in the email. Report the incident ASAP to spam@docusign.com.

2. Check links before you click. You can hover over the link with your mouse to see the URL in your browser or status bar. The best way to protect yourself is to go to the vendor’s official site — whether it’s DocuSign or another company — and navigate to the appropriate area rather than clicking on a link.

3. If you receive a questionable email, contact the business directly to verify the message. For example, an email may have a generic greeting like “Dear DocuSign customer,” which can be suspicious if legitimate messages are usually personalized.

4. Check for grammar errors, misspellings, or missed words. These sorts of mistakes may actually help fraudsters avoid spam filters.

5. Beware of emails that are made to look like websites, with fields inviting you to enter personal information, such as a login ID, password, or Social Security number.

For more, please see my post “Don’t take the bait: Tips to help prevent phishing” or this brief video on phishing.

Read More ›

Every 40 seconds, ransomware wreaks havoc for businesses

David Pollino
Fraud Prevention
Screen showing red padlocks superimposed on various parts of the globe, nearly all continents.

During the past year, ransomware has become a more serious threat for businesses of all sizes.

Read More ›

The Internet of Things brings new conveniences, new risks

David Pollino
Fraud Prevention
Hand seen programming a wall-mounted tablet screen, with view into a bright stylish kitchen nearby.

Connected devices – the proliferation of which is known as the “Internet of Things,” or IoT – attract so many of us because they simplify tasks. But they also connect us to more security risks. I say that as an enthusiastic participant in the IoT phenomenon. I love being able to use my phone to […]

Read More ›

Tips for protecting the privacy of your data

David Pollino
Fraud Prevention
View over a computer user

It’s always a good time to consider and check on privacy of your data – whether for yourself or for your business.

Read More ›

With tax season comes heightened alert for fraud

David Pollino
Fraud Prevention
Man sitting in bright office while looking at his online tax information with paperwork nearby and a cup of coffee

Here are some basic tips and good practices as you get ready to file your annual income taxes.

Read More ›