by Jon Lober | NOC Technology
For several years, scammers have been leveraging the growing popularity and convenience of online e-signature and contract platforms for their own illicit gains. Not surprisingly, the list of spoofed companies includes the most widely-used of them all—DocuSign. These fraudulent emails are particularly dangerous since many victims are already accustomed to trusting the platform with personal information - including social security numbers and bank routing numbers.
Here at NOC Technology, we continue to see variations on this phishing scheme. Take a look at an example of a DocuSign email phishing attack we received, how to identify a DocuSign scam, and how to report a DocuSign scam email appropriately.
Several NOC Technology users received an email from “DocuShared ® Review” with the subject line: “Action required: DocuShared ® to NOC email address.” Upon opening the email, the recipients discovered (what appeared to be) a very standard DocuSign email, complete with DocuSign’s recognizable wordmark logo, blue envelope screen, and yellow “Review Document” button.
At first glance, everything about this email seems normal. For someone unthinkingly handling DocuSign documents on a daily basis, or someone waiting for a document, it would be all too easy to click.
Although this scammer has put some real effort into getting this message through to a target’s inbox, trained observers will quickly recognize several indications that the email is a fraud.
Although our example email did not use this particular tactic, DocuSign has previously reported that emails including this content are likely spam.
In late 2023, DocuSign also reported a new phishing scam in which bad actors impersonate HR departments. Those scams include the following subject lines.
It's also worth noting that Docusign
changed their logo in April 2024. You can be sure that any genuine communication from the company will follow the new brand standards.
Once you have determined that the email in your inbox is not legitimate, take the following actions to protect yourself and others.
Unfortunately, this happens every day. (If it didn't work, cybercriminals wouldn't try.)
Time is now of the essence. Move quickly, to mitigate the damage caused by this fraud.
The
FTC maintains a helpful page of advice and resources for anyone that has fallen prey to a phishing scam and provides specific instructions for what to do in your particular dilemma. In many cases, you will have a better outcome if you respond as quickly as possible to the issue. Act quickly and seek professional assistance if you feel that the issue is beyond your ability to address.
Contact us
Existing Customers
IT Support Near Me
IT Support based in Franklin County, MO | 1816 Hwy A, Washington, MO 63090