Published on: May 10, 2017
“Phishing” specifically describes the process by which a malicious person tries to find out sensitive information about you or your accounts using the a phishing email to try to get you to voluntarily provide information. They do this by creating fake websites and branding to get you to enter details online. They will try to get you to visit a malicious website via a link on that email.
A new Phishing email scam has come to our attention. Scammers have now started using Docusign as a mask to install their software on unsuspecting individuals.
Sample of a fake email
To a busy person it is easy to miss the tell-tale signs of an email scam as it is very close to an original Docusign email. Those that are on Office 365 will already have this picked up for them but other systems may not pick up that this is a scam.
Always hover over a link before clicking on it. Make sure that the email is from who it says it is by checking out the URL. Check where the link is taking you to without clicking, hover over it to have a look first. A legit Docusign email will always take you to the correct url / Docusign webpage to retrieve and view documents.
First and foremost, if you don’t recognize the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code. If you do not see this code DO NOT click on links or open attachments within the email.
First and foremost, if you don’t recognize the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code.
If you think that you have received a fraudulent email, please contact DocuSign Security immediately at firstname.lastname@example.org.
If there is a security code…
If there is NO security code…
Sample of a real Docusign email
As described above, avoid fake links by accessing your documents directly from www.docusign.com using the unique security code found at the bottom of the DocuSign notification email.
Always check where a link goes before you click on it. You can hover your mouse over the link to look at the URL in your browser or email status bar (they should be hosted on docusign.com or docusign.net). A fraudulent link is dangerous and can:
Fake emails may include a forged email address in the “From” field. This field is easily altered. If you don’t recognize the sender of a DocuSign envelope, contact the sender to verify the authenticity of the email.
DocuSign email requests to sign a document never contain attachments of any kind. DO NOT OPEN or click on attachments within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it is a valid PDF file. DocuSign NEVER attaches zip files or executables.
Many fake emails begin with a generic greeting like “Dear DocuSign Customer.” If you do not see your name in the salutation, be suspicious and do not click on any links or attachments.
Many fake emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. They may also state that unauthorized transactions have occurred on your account or that DocuSign needs to update your account information immediately.
Some fake emails are made to look like a website in order to get you to enter personal information. DocuSign never asks you for personal information, including login, ID, or password in email.
Check the Web address. Just because the address looks OK, don’t assume you’re on a legitimate site. Look in your browser’s URL bar for these signs that you may be on a phishing site:
While no one is perfect, fake emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes like this help fraudsters avoid spam filters.
The term “https” should always precede any website address where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session, and you should not enter personal data.
DocuSign will never use a pop-up box in an email as pop-ups are not secure.
[shareaholic app=”share_buttons” id=”12025595″]