How to spot fake DocuSign Phishing attempts!

DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time. It also cuts back on human contact, which is particularly useful for remote working, or when everyone is locked down in a pandemic.

DocuSign phishing emails have many of the tell-tale signs of other phishing attacks: Fake links, fake senders, misspellings, and the like. Recipients can check links by hovering their mouse pointer over the document link in the email. If it is an actual DocuSign document it will be hosted at docusign.net. Also, the sender address should belong to docusign.net

FAKE DocuSign Email Example

FAKE DocuSign Email Example

Signs:

• “Dear Receiver”? If the sender does not use your actual name, that is a red flag.
  The security code is way too short.
• DocuSign links will read “REVIEW DOCUMENT” if it is a document that needs to be signed.
• An extra space in “inquiries , contact” and other sloppy spelling.
• Document was hosted at feedproxy.google.com, not docusign.net.

Access Documents Safely

Rather than trying to identify whether or not an email is bad, it’s often safer (and no less convenient) to assume it’s bad and ignore its links completely.

We recommend that you use the “Alternate Signing Method” mentioned in legitimate DocuSign mails. If you get a DocuSign email, visit docusign.com, click ‘Access Documents’, and enter the security code provided in the email. It will have a format similar to this one: EA66FBAC95CF4117A479D27AFB9A85F01. (Don’t bother, it’s invalid.) If a scammer sends you a fake code it simply won’t work. There is no need to trust the sender, or the links in their email.