Scammers can use DocuSign emails to send phishing links
Crooks have spoofed and abused email signature services like DocuSign to spam email inboxes with links to malicious websites.
A number of cybersecurity groups and companies have issued warnings in recent months about scams and phishing attempts using DocuSign, a service that allows users to electronically sign legal documents.
The remote working environment created by the COVID-19 pandemic has led to more legal agreements relying on electronic signatures, which in turn has boosted the use of DocuSign. Crooks have used DocuSign for phishing campaigns, which are attempts to steal personal information from unsuspecting users.
Are crooks sending phishing links through emails that appear to be from DocuSign?
Yes, crooks use emails from DocuSign or emails that look exactly like those from DocuSign to send phishing links.
WHAT WE FOUND
On September 7, DocuSign issued an alert regarding a phishing campaign that masks malicious links in documents shared in legitimate DocuSign emails.
A genuine DocuSign email will not contain any directly embedded files and will not directly link to malicious websites. But crooks can hyperlink to malicious websites in documents they ask you to sign, and you can click on those hyperlinks after downloading the file, which DocuSign gives you the option to do after signing, according to the messaging security company Avanan.
Normally, you can use a special DocuSign identification code to protect yourself from crooks, according to cybersecurity company Malwarebytes. The bottom of DocuSign emails contains codes that you can use directly on the DocuSign website to access the document you are supposed to sign. If no document appears when you enter the code, it means the email was fake and the links in it are likely phishing links.
But if the email is real and was sent through the DocuSign system, the document will still appear when you enter the code. Therefore, DocuSign recommends that you do not click on any links in documents without first hovering over the link to ensure that it begins with “https” and goes to the correct websites. DocuSign also recommends that you contact the sender offline, not by email, if you don’t recognize the person who sent you the document or if you didn’t expect to sign a document anytime soon.
While many fake emails claiming to be from DocuSign can be spotted by their use of unusual email addresses, some scammers use techniques that allow them to disguise themselves as official DocuSign email addresses. DocuSign states that if an email has an attachment, it is not from them and is likely from a scammer. Fake emails can also contain bad spelling, bad grammar, generic greetings, and bogus links.
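The email-level checks described above (no attachments, links that begin with "https", and the "hover" comparison between what a link shows and where it actually goes) can be automated for mail triage. The following is an added example, not code from DocuSign or VERIFY; the `EXPECTED` host list, the function names and the sample message are assumptions constructed for illustration, and it does not inspect links inside the document being signed.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts accepted as "the correct websites"; set this to your own policy.
EXPECTED = ("docusign.com", "docusign.net")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(msg):
    """Return findings for an EmailMessage claiming to come from DocuSign."""
    findings = ["attachment: " + (p.get_filename() or "unnamed")
                for p in msg.walk() if p.get_content_disposition() == "attachment"]
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append("not https: " + href)
        if not any(host == s or host.endswith("." + s) for s in EXPECTED):
            findings.append("unexpected host: " + host)
        # What "hovering" reveals: the text shows one URL, the link goes elsewhere.
        if text.lower().startswith(("http://", "https://")) and urlsplit(text).hostname != host:
            findings.append("text/link mismatch: " + text)
    return findings

def constructed_sample():
    """Constructed test message, not a captured phishing email."""
    msg = EmailMessage()
    msg.set_content('<a href="http://login.example.test/doc">https://www.docusign.com/review</a>'
                    '<a href="https://www.docusign.com/Signing/">Review Document</a>', subtype="html")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg
```

An empty result only means these three checks passed; as noted above, a message sent through the real DocuSign system can still lead to a document containing malicious links.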