DocuSign Phishing Campaign

DocuSign Users at Risk

Attackers are sending fraudulent DocuSign emails
with links to an authentic-looking (but fake) DocuSign login page designed to steal your credentials. Once attackers have your username and password, they can do real harm to you or your organization.

They might try to:

Reuse your password to access other accounts Collect sensitive data about you Use your accounts to trick others into giving up sensitive information

Business man with stylus pen writing on digital notepad

They might try to:

Reuse your password to access other accounts Collect sensitive data about you Use your accounts to trick others into giving up sensitive information

What Do I look for

This is one example of the fake emails. There’s a wide variety of these malicious emails because DocuSign is used for so many purposes (legal, financial, employment, etc.)

Examine the Sender

Why would your company’s HR department use a different email domain (@refated.com)? Look for small details that seem off.

Look at Links

When you hover over a link, is the URL what you expect? This link takes you to blackberndental.ca. Is that really a page your HR team would use?

Consider Content with Context

Are you currently enrolling in benefits? Does your company typically use DocuSign? If the request seems odd, use caution.

Be careful of closings

Doesn’t this closing look like a real DocuSign email? Scammers often include official-looking text to trick you into thinking the email is legitimate.

How do I protect myself?

If you get an email asking you to log into DocuSign
  1. Looks legitimate: Call or send an instant message to your IT team, security team, or even your boss to verify the email. 
  2. Looks Suspicious: Report it to the appropriate people in your company.

Leave a Reply

Your email address will not be published. Required fields are marked *