Alert: New Phishing Campaign Observed, Mar 2, 2023
DocuSign has observed a new technical support impersonation themed phishing campaign through improper use of DocuSign. Report improper use of DocuSignaccounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).
The envelopes are sent from a variety of senders and associated email addresses, many with the public outlook.com domain. Here are some examples of common email notification subject lines:
MS Office 365
Windows Defender purchased Order
Complete with DocuSign: Bot Content (90).html
Fire wall protection order successfully placed
NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to firstname.lastname@example.org.
As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization’s security tools to investigate potentially malicious documents, links and notifications.
For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.