How to Identify a DocuSign Phishing Scam

Getting an email from a well known brand produces trust and positive emotions in the recipient. It’s for this reason that scam artists use well known brands in email phishing attacks. Recipients are more likely to respond and click on the email if it appears to be from a well known and trusted brand. 


A recent example of a brand that is being used by scammers is DocuSign. Most people have used or heard of the brand because it’s commonly used to sign digital agreements and contracts online. 


For hackers there is the chance to mimic the company and gain access to private information they can use for their own gain. 


How to spot a DocuSign phishing scam 


There are a number of tell tale signs that the email may not be genuine. 


First, look to see if any attachments or suspicious looking links have been added to the email. A legitimate email from DocuSign will not contain files like PDFs, Word documents, or zip files within the email message itself. It’s important that you do not click on any suspicious links or attachments. 


Another sign to look out for is an impersonal greeting at the top of the email. A legitimate email from DocuSign would use your first name. A fake email might use something like, “Dear Recipient.” 


Other signals that the email is fake could be poor spelling and grammar in the email body copy, indicating the email has not been generated by a professional company like DocuSign.  


Scammers using phishing techniques often try to cause panic and insert a false sense of urgency in an attempt to get the recipient to act quickly without thinking about the danger of clicking on a link or attachment. 


Also look out for the correct and up to date branding. DocuSign previously used a dark blue logo but now uses a black design.



Always check the source


Check the email address the email was sent from. Does it look like a legitimate address from the corporation in question? 


Does the email header image look right? If you are not sure, compare it to previous emails from the company that you know are legitimate. 


You can also hover over any hyperlinked text to see which URL address it is pointing you to, make sure it is a genuine link. 


If you are still in doubt, you can always contact the company support staff and ask them to verify the email was sent by them. By doing this you will make sure you remain safe, but you could also potentially be highlighting a scam email they can investigate and warn others about. 


How to protect yourself against phishing attacks 


Most email programs will have spam filters built in to weed out suspicious emails that are either spam or blatant phishing attacks.


The filters work by detecting suspicious files and links embedded in the email. For any cloud enabled email clients, they will also likely have a list of blacklisted IP addresses and block emails sent from those addresses. 


If you need help to set up email spam filters for your email client software it’s worth contacting IT support for assistance. They can help set up the most secure email practices for you. 


It goes without saying that you should also have protection against cyberattacks on the devices you use, which could help limit any damage a phishing attack is able to cause.


This should include keeping your antivirus program up to date with the latest version and feature updates. You should also ensure that the latest available updates are applied to your PC and other devices such as smartphones, or IoT devices like Amazon Alexa. 


Where possible, always use different passwords for your accounts, including your email. Make sure your passwords are strong, not easy to guess, and are not written down in places they can be stolen. When available, you should enable  two-factor authentication with things like confirmation codes sent to your mobile number during login alongside your password. This makes it much more difficult for hackers to access your accounts. 


Keep in mind that hackers can look online for clues and information about your passwords, secret answers, date of birth and more. Social media sites can be an easy way to find personal details so be careful with how much information you share and who can access it. Social sites have privacy settings you can change to help minimise the risk.


About EC-MSP, your IT support partner

EC-MSP are one of the most trusted IT support providers in London. If you would like more help, advice and support with technology for your business, contact us today to see how we can help.