DocuSign has observed a new technical support impersonation themed phishing campaign through improper use of DocuSign. Report improper use of DocuSignaccounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).

The envelopes are sent from a variety of senders and associated email addresses, many with the public outlook.com domain. Here are some examples of common email notification subject lines:

• MS Office 365

• Windows Defender purchased Order

• Order Successfully

• Complete with DocuSign: Bot Content (90).html

• Fire wall protection order successfully placed

NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to spam@docusign.com. 

As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.