Skip to main content
Trust Center

Fraud Alert: "Callback" Scams Using Docusign Reporting Features

04/09/2026

We have identified and mitigated a scam where attackers misused legitimate Docusign system features, such as "Send Report", to bypass email filters. We have taken direct action to prevent this specific abuse and remain vigilant as attackers continue to evolve their tactics.

Because these notifications originate from official Docusign servers, they appear highly authentic. Attackers use urgent calls to action, such as cryptocurrency-themed unauthorized transaction alerts or security alerts, to provoke a call to a fake number listed in the email in an attempt to steal personal and financial information.

Here are examples of email subject lines:

  • Fraud transaction detected on your account BTC Call [PHONE NUMBER] Authority.

  • Critical Security Alert: Order confirmed. Microsoft Office Subscription. Call: [PHONE NUMBER] 

  • Fraud Warning: Your account reflects a 0.026 BTC transaction. For help contact: [PHONE NUMBER]

Here are some measures you can take to protect yourself and your data: 

  • Check the sender and the message: Be cautious of unexpected emails, even if they look like they are from Docusign, especially if they warn you about fraud or unauthorized transactions. Official Docusign workflow notifications will never include links that demand immediate action, such as requiring you to log in or provide a signature.

  • Check Your Account Directly: If you receive a “callback” email, do not click links or call numbers in the email. Scammers use these to trick you. Instead, go directly to the official source (e.g. crypto platform or wallet) using a separate, secure connection to check your account. A legitimate financial company will never ask you to transfer funds over the phone to "secure" assets.

  • Look for Red Flags: Be cautious of emails that demand immediate action, use generic greetings, or contain minor misspellings or poor grammar.

  • Report Suspicious Activity: If a Docusign notification seems like a scam or you're unsure of its authenticity, please report it immediately using one of these options:

  • Use the Docusign Report Abuse feature directly.

Submit a report directly to Docusign using our online web portal i-Sight.