Email Phishing Attacks
One form of cyber attack is phishing, a type of social engineering scam that attempts to obtain sensitive information using email fraudulently. A phishing attack starts with an email that appears to be coming from someone you typically do business with. Although it seems legitimate, you need to be highly vigilant. If the message format differs or includes red flags like poor grammar, syntax errors, broken links, etc., this could indicate a phishing email. It may be written with a sense of urgency or include a warning that your “account will be closed,” or your “access will be limited.” More recent attacks have been sophisticated enough to make it difficult to determine whether the message is legit.
Read the following description of the most current attack, and keep these same things in mind for future emails you might receive that look suspicious.
The easiest way to verify when in doubt is to call the sender directly and ask if they sent you the message!
DocuSign Phishing Attack Warning Signs
If you receive an unexpected DocuSign email and think that it could be a phishing scam, look for the following signs:
- You haven’t requested any documents: Be wary if you receive an email stating that you have documents to sign via DocuSign. If you haven’t requested any documents, it’s likely a phishing attack.
- You don’t recognize the sender: If the email comes from a name you don’t recognize, delete it. You shouldn’t be receiving signature requests from strangers. If individuals or businesses legitimately want you to sign a document, they should contact you beforehand, letting you know that a signature request is on the way.
- Be wary of links: You should never click on a link in a random email. Always check the URLs of those links before clicking. You’ll often find that they aren’t links to DocuSign but to other companies. That’s a sure sign of a scam.
- Watch for misspellings: Scammers often send their phishing attacks from email addresses that are similar but not exactly the same as those used by legitimate companies. For instance, instead of coming from an email address ending in @docusign.com, scam emails might come from ones ending with @docusgn.com or @docus.com.
See below for an example of a bogus DocuSign email: