The Internet is a critical component to your business and to conducting business on the DocuSign Global Network. While most of us use the Internet for good, there are malicious third parties who try to take advantage of others through scams, malware, and viruses. In fact, antivirus vendors report that malicious code incidents have been increasing by as much 3600% per week recently. Much of this activity is in the form of spam emails and web sites attempting to impersonate trusted brands in an effort to take advantage of the relationship those brands have with their customers.
DocuSign’s top priority is to make your DocuSigning experience safe and secure. While most of us have antivirus software that protects us from scams and fraud, it’s always smart to take extra precautions whenever possible. You are the first and best layer of defense in combatting online fraud. Learning to properly detect and avoid online and email scams is the ultimate protection against fraud. Here’s how you can further protect yourself, your business, and your customers in the New Year:
- Learn to spot fraudulent emails and web sites: First and foremost, if you don’t recognize the sender of an email, contact the sender to verify the authenticity of the email. You can always check for the following signs that an email may be fake:
- Attachments: Emails requesting you to DocuSign a document never contain attachments of any kind. DO NOT OPEN or click on attachments within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document – and that’s only when the sender has configured DocuSign to provide a completed PDF. Even then and with emails from outside of DocuSign, pay close attention to the attachment to ensure it is a valid PDF file. DocuSign NEVER attaches zip files or executables.
- Fake email addresses: If you don’t recognize the sender of a DocuSign envelope or an email, contact the sender to verify the authenticity of the email. Even if you do recognize the sender, note that fake emails may include a forged email address in the “From” field to make it look legitimate. When spam filters catch these emails they typically put “SPAM” at the beginning of the subject line to alert you.
- Deceptive URLs and fake links. Only enter your DocuSign user name and password on DocuSign pages, which begin with http://www.docusign.com or https://www.docusign.net. If you see an @ sign in the middle of a URL, there’s a good chance it is fake. Legitimate companies use a domain name (e.g. http://www.company.com). Even if a URL contains the word “DocuSign,” it may not be a DocuSign site. Always log in to your DocuSign account by opening a new web browser and typing in http://www.docusign.com or https://www.docusign.net. This same advice applies to any company or brand that you trust or do business with. Always check where a link goes before you click on it. You can hover your mouse over the link to look at the URL in your browser or email status bar. A fraudulent link is dangerous and can:
- Direct you to a fake website that also attempts to look legitimate and tries to collect your personal data.
- Install spyware on your computer. Spyware is an application that can enable a hacker to monitor your actions and steal any login IDs, passwords, or credit card numbers you type online.
- Cause you to download a virus that could disable your computer or have a broader impact on your systems.
- Keep your user IDs and passwords safe: Use a strong password that is difficult for others to guess and avoid birthdays, names, and pet’s names. Change your password frequently. Never write down your password or share it with others. Never provide your account logins or passwords, credit card numbers, or other personal information via email or to unknown parties. Note: DocuSign will never ask our customers for their password.
- Exercise caution using public computers: Public web browsers can cache personal data and store login and password details. Always log off of web sites and clear the browser cache to protect your personal information, passwords, and accounts.
- Ensure your anti-virus software is enabled and up to date: Make sure to update all of your systems, even home systems, with the latest security and anti-virus software to protect yourself, your business, and your customers.
If you receive a questionable or fake email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the entire email to the DocuSign Security team at: firstname.lastname@example.org, then delete it immediately from your mailbox.
Thank you for helping DocuSign fight spam.