A number of cybersecurity groups and companies have issued warnings in the past few months about scams and phishing attempts utilizing DocuSign, a service that allows users to electronically sign legal documents.
The remote work environment created by the COVID-19 pandemic has led to more legal agreements relying on e-signatures, which has in turn boosted DocuSign’s usage. Scammers have used DocuSign for phishing campaigns — attempts to steal personal information from unsuspecting users.
Are scammers sending phishing links through emails that appear to come from DocuSign?
Yes, scammers use emails from DocuSign or emails that look exactly like DocuSign’s to send phishing links.
WHAT WE FOUND
On Sept. 7, DocuSign issued an alert warning of a phishing campaign that hides malicious links in documents shared in legitimate DocuSign emails.
A real DocuSign email won’t have any directly embedded files and won’t link directly to malicious websites. But scammers can put hyperlinks to malicious websites inside the documents they ask you to sign, and those hyperlinks become clickable once you’ve downloaded the file, which DocuSign offers you the option to do after signing, according to email security company Avanan.
Normally, you can use a special DocuSign identification code to protect yourself from scammers, cybersecurity company Malwarebytes says. The bottom of a DocuSign email has a code that you can enter directly on the DocuSign website to access the document you’re supposed to sign. If no document appears when you put in the code, the email was a fake and the links in it are likely phishing links.
But if the email is real and sent through the DocuSign system, the document will still show up, so the code check alone won’t catch a malicious link hidden inside a genuine document. That’s why DocuSign advises that you don’t click on any links in documents without first hovering over them to make sure they start with “https” and go to the right websites. DocuSign also recommends you reach out to the person sending you the document offline — not by email — if you don’t recognize the sender or you weren’t expecting to sign a document.
While many fake emails pretending to be from DocuSign can be spotted by their unusual sender addresses, some scammers spoof official DocuSign email addresses. DocuSign says if an email contains an attachment, it’s not from them and is likely from a scammer. Fake emails may also contain bad spelling, bad grammar, generic greetings and fake links.
DocuSign says you should report suspicious emails sent from a real DocuSign account to email@example.com, and fake emails pretending to be from DocuSign to firstname.lastname@example.org.