DocuSign Alert Summary

As a part of our commitment to providing excellent service to our members, Spirit of Alaska Federal Credit Union has used DocuSign, a company that allows us to collect signatures on mortgage loans from members who are not able to come to a branch.

Unfortunately, DocuSign has acknowledged that a breach of one of its computer systems, which hosted user email addresses, has allowed attackers to target and spoof (definition) DocuSign customers with fake emails. No other information was breached, solely email addresses.

There is a real possibility that Spirit of Alaska member’s email addresses are involved in this breach. These type of spoofed emails are known as a “phishing” attack. The sender email’s address is often masked and changed to a familiar or trusted address to complete the deception.

Example of the spoofed email:

What You Can Do in Response

Refrain from clicking any links or opening any attachments in a DocuSign email.

Please VERIFY with our Mortgage Department the legitimacy of any email you receive claiming to be from DocuSign. Contact us at 907-459-5974 or mortgage@spiritofak.com.

If you are expecting a document to sign:

Access your documents directly by visiting docusign.com and entering the unique security code included at the bottom of every legitimate DocuSign email.

If you are NOT expecting a document to sign:

If you receive an email from DocuSign, please notify us at mortgage@spiritofak.com immediately. In addition, DocuSign is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to immediately delete the email(s).

More information on the spoofed emails

Malicious emails are being sent to breached addresses using DocuSign branding in the headers and body of the email. Upon clicking to “View Documents”, the email downloads a Microsoft Word document that harbors malware.

According to DocuSign, “[emails] may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings, contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.”

DocSign says it will never ask recipients to open a PDF, Office document or ZIP file attached to an email.

More information on ZDNet

Posted on: May 25, 2017

1 reply to “Member Alert: Verify DocuSign Email

  1. Lyle

    If everyone responded the way you guys have, we’d all be much better off concerning Cybersecurity in general. Detailed yet simple to understand. Thank you Spirit of Alaska!

Comments are closed.

e-Teller Login

Search

I need help with Member Alert: Verify DocuSign Email

We’d love to help! Just give us your name, phone number, and email address and we’ll contact you as soon as possible!

    For your security, do not include sensitive information, such as Social Security numbers or account numbers, in your message. If you need to communicate with us about sensitive information please use the Message Center in e-Teller, your online banking application, or call us during regular business hours so we can verify your identity. For other inquiries, send us a message here and we're happy to help!

I have a question

We’d love to answer your questions! Just give us your name, phone number, and email address and we’ll contact you as soon as possible!

    For your security, do not include sensitive information, such as Social Security numbers or account numbers, in your message. If you need to communicate with us about sensitive information please use the Message Center in e-Teller, your online banking application, or call us during regular business hours so we can verify your identity. For other inquiries, send us a message here and we're happy to help!

Leaving Our Website

Attention! You are now leaving the Spirit of Alaska Federal Credit Union website. We do not control the security or privacy practices used at the following website. Periodically, Spirit of Alaska Federal Credit Union's website may include information from third parties and/or links to other websites. Spirit of Alaska Federal Credit Union does not make any warranties, express or implied, regarding any third party information or links to alternate websites. In addition, Spirit of Alaska Federal Credit Union assumes no responsibility for the accuracy or reliability of the content provided by third parties. If you click "CONTINUE", an external website will be opened in a new browser window. If you click "CANCEL", you will be returned to the this website.