We recommend that you use the “Alternate Signing Method” mentioned in legitimate DocuSign mails. Rather than trying to identify whether or not an email is bad, it’s often safer (and no less convenient) to assume it’s bad and ignore its links completely. Fake DocuSign invoice emailsĪ fake Microsoft login screen triggered by a fake DocuSign invoice Safe document access We’ve included some examples of DocuSign phishing campaigns below. Remember, if you’re in doubt, it is not stupid or rude to contact a sender by direct mail or another method, and verify the email’s authenticity (just don’t hit “reply”). You can read an exhaustive list of things to look out for, as well as addresses to report suspicious activity on DocuSign’s incident reporting page (although we recommend you simply opt for the safe document access option, described below). In the spam campaigns we have seen, documents were hosted at, , and some documents came as attachments, which DocuSign does not do.Īlso, the sender address should belong to, but that alone is not enough: We have seen spoofed messages coming from that address, so check for other indicators. If it is an actual DocuSign document it will be hosted at. Recipients can check links by hovering their mouse pointer over the document link in the email. Bad signs to look forĭocuSign phishing emails have many of the tell-tale signs of other phishing attacks: Fake links, fake senders, misspellings, and the like. Google searches for DocuSign almost doubled during March 2020, and stayed there, as so many people around the world started working from home.Įarlier this year, DocuSign specifically warned about phishing campaigns using its brand. It also cuts back on human contact, which is particularly useful for remote working, or when everyone is locked down in a pandemic. Signing documents electronically saves a lot of paper and time.
![malwarebytes google drive malwarebytes google drive](https://www.multcloud.com/screenshot/en/cloud-transfer/transfer-google-drive-to-onedrive.png)
Now you can add DocuSign to that list.ĭocuSign is a service that allows people to sign documents in the Cloud.
![malwarebytes google drive malwarebytes google drive](https://images.tokopedia.net/img/cache/700/hDjmkQ/2021/9/1/3f5086e2-9151-4e4c-aad5-c186d16f3cba.jpg)
And the brands phishers like most are the ones you’re expecting to hear from, or wouldn’t be surprised to hear from, like Amazon or DHL. Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off.