DocuSign is a trusted platform for signing documents electronically, but its popularity also makes it a prime target for phishing scams. Cybercriminals often impersonate DocuSign to trick users into clicking malicious links or sharing sensitive information. Here’s how to spot a DocuSign phishing email and how to protect yourself.
Imitation links
Avoid imitation links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the DocuSign notification email.
Always check where a link goes before clicking by hovering your mouse over the link to review the URL (it should be hosted on docusign.com or docusign.net). An imitation link is dangerous and can:
- Direct you to an imitation website that tries to collect your personal data
- Install spyware (which can enable a hacker to monitor your actions and steal login credentials) on your system
- Cause you to download a virus that could disable your computer
Imitation sender email address
Imitation emails may include a forged email address in the “From” field, which is easily altered. If you don’t recognize the sender of a DocuSign envelope or weren’t expecting one, contact the sender through communication channels outside of email to verify its authenticity.
Attachments
DocuSign emails that request you to sign a document never contain attachments. Don’t open or click attachments within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it’s a valid PDF file. DocuSign never attaches zip files, HTML files, or executables.
Generic greetings
Many imitation emails begin with a generic greeting like “Dear DocuSign Customer.” If you don’t see your name in the salutation, be suspicious and don’t click on any links or attachments. Conversely, also be aware of highly personalized emails, especially if you do not know the sender or were not expecting the communication.
False sense of urgency
Many imitation emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. As it relates to DocuSign, they might claim that unauthorized transactions have occurred on your account and it’s imperative that you update your account information immediately.
Emails that appear to be websites
Some imitation emails are made to look like DocuSign or other websites to get you to enter personal information. DocuSign never asks you for personal information, such as login credentials, via email.
Deceptive URLs
Just because the address looks OK, don’t assume you are on a legitimate site. Look in your browser’s URL bar for signs that you may be on a phishing site:
- Often the address of a phishing site deviates slightly from its legitimate counterpart: for instance, it might say docusing.com instead of docusign.com.
- Your browser can detect certain types of malicious sites; always pay heed to its warnings, especially when it notifies you that a site or certificate can’t be trusted.
Misspellings and bad grammar
While no one is perfect, imitation emails are often rife with bad grammar and misspellings. The errors could be intentional; such mistakes help fraudsters avoid spam filters.
Unsafe sites
The term “https” should always precede any website that requests personal information (the “s” stands for secure). If you don’t see “https,” you’re not in a secure Web session, and shouldn’t enter any personal data. A legitimate DocuSign sign-in page address always starts with “https://.”
Pop-up boxes
DocuSign never uses a pop-up box in an email, because they aren’t secure.
If you receive a fake (spoofed) DocuSign-themed email notification, report it to [email protected].
Phishing scams are constantly evolving, but staying alert and informed is your best defense.