Docusign Scam Email
There is a wave of emails going around the web trying to phish in what looks like emails from Docusign.
Spot fraudulent emails and websites by checking for the following signs.
1. Fake links:
As described above, avoid fake links by accessing your documents directly from www.docusign.com using the unique security code found at the bottom of the DocuSign notification email.
Always check where a link goes before you click on it. You can hover your mouse over the link to look at the URL in your browser or email status bar (they should be hosted on docusign.com or docusign.net). A fraudulent link is dangerous and can:
- Direct you to a fake website that tries to collect your personal data.
- Cause you to download a virus that could disable your computer.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any login IDs, passwords, or credit card numbers you type online.
2. A fake sender’s email address:
Fake emails may include a forged email address in the "From" field. This field is easily altered. If you don’t recognize the sender of a DocuSign envelope, contact the sender to verify the authenticity of the email.
3. Attachments:
DocuSign email requests to sign a document never contain attachments of any kind. DO NOT OPEN or click on attachments within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it is a valid PDF file. DocuSign NEVER attaches zip files or executables.
4. Generic greetings:
Many fake emails begin with a generic greeting like “Dear DocuSign Customer.” If you do not see your name in the salutation, be suspicious and do not click on any links or attachments.
5. A false sense of urgency:
Many fake emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. They may also state that unauthorized transactions have occurred on your account or that DocuSign needs to update your account information immediately.
6. Emails that appear to be websites:
Some fake emails are made to look like a website in order to get you to enter personal information. DocuSign never asks you for personal information, including login, ID, or password in email.
7. Deceptive URLs:
Check the Web address. Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's URL bar for these signs that you may be on a phishing site:
- Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look for tricks such as substituting the number "1" for the letter "l" in a Web address or transposing consecutive letters of the brand (for example, rea1estate.docusign.com instead of realestate.docusign.com or www.docusing.com instead of www.docusign.com).
- "http://" at the start of the address on DocuSign sign-in pages. A legitimate DocuSign sign-in page address starts with "https://" - the letter "s" must be included. So check the website address for any DocuSign sign-in page.
- Browser warnings. Your browser has ways of detecting certain types of malicious sites. Always heed these browser warnings, especially when they notify that the site or certificate cannot be trusted.
8. Misspellings and bad grammar:
While no one is perfect, fake emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes like this help fraudsters avoid spam filters.
9. Unsafe sites:
The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter personal data.
10. Pop-up boxes:
DocuSign will never use a pop-up box in an email as pop-ups are not secure.
Here is an example of a REAL DocuSign email:
If you think that you have received a fraudulent email, please contact DocuSign Security immediately at spam@docusign.com
and let EOI support (support@eoiservice.com) know so we can block these from our domain.