DocuSign phishing emails: 4 signs of an attack, and how to protect yourself
March 09, 2022
Signing documents electronically saves time and makes it easier for people to close contracts, sign mortgage or other legal documents, without making trips to the bank, post office or other courier services like FedEx and UPS. But electronic signatures can also come with risks.
Scammers have launched phishing attacks designed to mimic emails from document-signature companies in an effort to trick people into giving up their personal and financial information.
These phishing attacks have grown ever so popular during the COVID 19 pandemic as people are supposed to avoid face-to-face contact as part of social-distancing efforts. Signing documents online is a good way to avoid unnecessary contact during the virus.
But even after the pandemic passes, consumers will need to be aware of phishing scams tied to online signatures. These scams can expose the key financial information of consumers, and give cybercriminals access to bank accounts and online credit card portals.
Fortunately, consumers can avoid falling victim to these scams if they understand how to recognize some of the telltale signs of phishing emails.
What is a DocuSign phishing attack?
DocuSign is one of the better known providers of electronic signing services. By using the company's eSignature feature, you can electronically sign documents on just about any device and then send them to the companies or individuals requesting your signature.
DocuSign says that businesses and individuals use its service to exchange contracts and legal materials. Maybe you're buying a home. Depending on where you live you can use DocuSign to sign your mortgage documents or home inspection reports. You can electronically sign a contract with an accountant who is completing your income taxes. You might rely on DocuSign to sign legal agreements when your small business is providing a service to individuals or other companies.
The problem with electronic signatures? They provide one more way for cybercriminals to attempt to steal your identity and your financial and personal data.
In April 2020, for instance, DocuSign released a statement on its website warning consumers of a new phishing campaign. The phishing email claims to come from "DocuSign Electronic Signature" and uses the email address of email@example.com. The subject line is usually a variant of "You received invoice from DocuSign Electronic Signature Service."
DocuSign said that the emails contain links to a malicous Word document that, if you run it, will download malware to your device.
In May 2020, the company released another phishing alert on its website. These emails, claiming to be sent from "DocuSign" or "Rebecca Campbell," come with a variety of subject lines. One might say "Your Docusign account is suspended," while another might say "Notification: You have received a document."
If you click on the links in the DocuSign phishing emails, you'll be taken to different websites that request you to enter personal and financial information. If you provide this information, you'll be sending it directly to scammers, who can then use it to access your bank account, credit card portals, and other key financial sites.
Here’s an example of what a phishing email might look like.
DocuSign phishing attack warning signs
There are several clues that a DocuSign email is a scam.
- You haven’t requested any documents. Be wary if you receive an email stating that you have documents to sign. If you haven’t requested any documents, it’s likely a phishing attack.
- You don't recognize the sender. If the email comes from a name you don't recognize, delete it. You shouldn't be receiving signature requests from strangers. If individuals or businesses legitimately want you to sign a document, they should contact you beforehand, letting you know that a signature request is on the way.
- Check those links. You should never click on a link in a random email. Always check the URLs of those links. You'll often find that they aren't links to DocuSign but to other companies. That's a sure sign of a scam.
- Watch for misspellings. Scammers often send their phishing attacks from emails that are close to but not exactly the same as those used by legitimate companies. For instance, instead of coming from email addresses ending in @docusign.com, they might come from ones ending with @docusgn.com or @docus.com.
Where to report phishing attempts
If you've received a phishing email, report it. You can send it directly to DocuSign at firstname.lastname@example.org.
And if you’ve fallen victim to a phishing attack? You’ll need to act quickly. Contact your bank and credit card providers to inform them that you’ve fallen victim to an attack. You might need to cancel your credit cards and change your banking passwords.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.