DocuSign is experiencing an uptick in phishing activity through improper use of DocuSign. As a reminder, do not click on any email or attachment links from unknown or untrusted senders. Learn More
DocuSign is experiencing an uptick in phishing activity through improper use of DocuSign. Report improper use of DocuSign accounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link.
The most recent activity observed is sent from DocuSign DEMO accounts ([email protected]) using a variety of sender email addresses with public domains, for example [email protected]. The envelopes are often already completed and include the completed document as an attachment (.pdf) to the email notification. This tactic is meant to evoke a sense of urgency that is intensified by the mention of a financial transaction. The likely intent is to trick recipients into providing sensitive financial information through a link or by calling a phone number listed in the attachment.
Email subject line examples:
- Your order is approved. Welcome to the Amazon family
- Completed: Complete with DocuSign: Purchase Report 645456374FGDT.png
- Completed: Signup_Order_delivered_amt_debited_ptrv8009785krp
- Completed: Complete with DocuSign: Thank you for payment WEDR5656TRFEW.png
- SUBSCRIPTION_renewal_2023_07_18_58648569-khpd-969743
- Thank_you_for_signingup_with_us_infhrt7649ref0tqrjk_736950
Theme examples:
- Amazon
- Geek Squad
- Norton
- PayPal
- Advance America
- Invoice
NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to [email protected].
Identifying imitation DocuSign emails and websites
As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All community members are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity.
Docusign Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Community members should also continue to utilize Phish Alert Button security tools to investigate potentially malicious documents, links, and notifications.
For more information on how to spot phishing, please see DocuSign’s Combating Phishing page.