DocuSign has observed a new phishing campaign in which malicious URLs are being hidden in legitimate DocuSign envelopes.

The emails are being sent from a variety of senders and associated email addresses, many with the domains email[.]com or co[.]za. The emails reported have many closely related subject lines, including:

• “Important: AOL Email Deactivation Notice,”

• “Important: Microsoft Email Maintenance Request” 

• “Bank Confirmation”

• "INVOICE.pdf"

• "PAYMENTS.pdf"

• "STATEMENTS.pdf"

• "PAYMENT DUE.pdf"

• "TAX INVOICE.pdf"

Do not click on any email or attachment links from unknown or untrusted senders. All customers are reminded that they should continue their own due diligence and identify and report to DocuSign suspicious emails using legitimate DocuSign accounts and technology (securityaccountabuse@docusign.com), as well as suspicious emails spoofing the DocuSign brand (spam@docusign.com). Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.