Fraud Alert: Advanced Phishing Scams Leveraging Notifications

We have observed attackers executing sophisticated phishing scams that use a combination of workflow notifications from Docusign Maestro and external communication. The goal appears to be to trick recipients into believing they have an unexpected invoice or subscription renewal from a trusted corporation (such as Microsoft) and lead them to contact a fake support number to steal personal and financial information.

Here are some example subject lines:

• Your subscription remains active– Microsoft

• Your Microsoft Purchase Confirmation

How can I protect myself from these phishing attempts?

• Scrutinize the Sender and Content: Even if an email appears to come from a trusted domain like Docusign, be highly suspicious if the content involves an unexpected invoice or an unfamiliar subscription. Legitimate notifications from Docusign workflows will never contain a link to log into your account or for further action like a signature.

• Verify Independently: If you receive an unexpected invoice or purchase confirmation, do not click on any links or call any phone numbers provided in the email. Instead, independently navigate to the official website or service portal for the purported sender (e.g., Microsoft's official site) to check your subscription status or billing history.

• Look for Red Flags: Be wary of emails demanding immediate action, using generic greetings, or containing slight misspellings or poor grammar.

• Report Suspicious Activity: If you suspect a notification is a scam or are unsure of its authenticity, report it immediately through one of the following methods:

  • Use the Report Abuse feature directly.

  • Submit a report via our online web portal i-Sight.