DocuSign phishing emails: 4 signs of an attack, and how to protect yourself

Signing documents electronically saves time and makes it easier for people to close contracts, sign mortgage or other legal documents, and fill out tax forms without making trips to the bank, post office or other courier services like FedEx and UPS. But electronic signatures can also come with risks.

Scammers have launched phishing attacks designed to mimic emails from document-signature companies in an effort to trick people into giving up their personal and financial information.

And these phishing attacks could likely increase as the U.S. continues to deal with the COVID-19 pandemic. People are supposed to avoid face-to-face contact as part of social-distancing efforts. Signing documents online is a good way to avoid unnecessary contact during the virus.

But even after the pandemic passes, consumers will need to be aware of phishing scams tied to online signatures. These scams can expose the key financial information of consumers, and give cybercriminals access to bank accounts and online credit card portals.

Fortunately, consumers can avoid falling victim to these scams if they understand how to recognize some of the telltale signs of phishing emails.

What is a DocuSign phishing attack?

DocuSign is one of the better known providers of electronic signing services. By using the company's eSignature feature, you can electronically sign documents on just about any device and then send them to the companies or individuals requesting your signature.

DocuSign says that businesses and individuals use its service to exchange contracts, tax documents, and legal materials. Maybe you're buying a home. You can use DocuSign to sign your mortgage documents or home inspection reports. You can electronically sign a contract with an accountant who is completing your income taxes. You might rely on DocuSign to sign legal agreements when your small business is providing a service to individuals or other companies.

The problem with electronic signatures? They provide one more way for cybercriminals to attempt to steal your identity and your financial and personal data. 

In April 2020, for instance, DocuSign released a statement on its website warning consumers of a new phishing campaign. The phishing email claims to come from "DocuSign Electronic Signature" and uses the email address of docusign@milaromanoff.com. The subject line is usually a variant of "You received invoice from DocuSign Electronic Signature Service."

DocuSign said that the emails contain links to a malicous Word document that, if you run it, will download malware to your device.

In May 2020, the company released another phishing alert on its website. These emails, claiming to be sent from "DocuSign" or "Rebecca Campbell," come with a variety of subject lines. One might say "Your Docusign account is suspended," while another might say "Notification: You have received a document."

If you click on the links in the DocuSign phishing emails, you'll be taken to different websites that request you to enter personal and financial information. If you provide this information, you'll be sending it directly to scammers, who can then use it to access your bank account, credit card portals, and other key financial sites.
Here’s an example of what a phishing email might look like.

DocuSign phishing attack warning signs

There are several clues that a DocuSign email is a scam. 

1. You haven’t requested any documents. Be wary if you receive an email stating that you have documents to sign. If you haven’t requested any documents, it’s likely a phishing attack. 

2. You don't recognize the sender. If the email comes from a name you don't recognize, delete it. You shouldn't be receiving signature requests from strangers. If individuals or businesses legitimately want you to sign a document, they should contact you beforehand, letting you know that a signature request is on the way.

3. Check those links. You should never click on a link in a random email. Always check the URLs of those links. You'll often find that they aren't links to DocuSign but to other companies. That's a sure sign of a scam.

4. Watch for misspellings. Scammers often send their phishing attacks from emails that are close to but not exactly the same as those used by legitimate companies. For instance, instead of coming from email addresses ending in @docusign.com, they might come from ones ending with @docusgn.com or @docus.com.

Where to report phishing attempts

If you've received a phishing email, report it. You can send it directly to DocuSign at spam@docusign.com. 

You can also report phishing attacks to the Federal Trade Commission at ftc.gov/complaint and to the Anti-Phishing Working Group at reportphishing@apwg.org.

And if you’ve fallen victim to a phishing attack? You’ll need to act quickly. Contact your bank and credit card providers to inform them that you’ve fallen victim to an attack. You might need to cancel your credit cards and change your banking passwords. 

Check out this story for a complete list of what to do if you’ve fallen for a phishing attack.