Skip to main content
Trust Center

Fraud Alert: Sophisticated Phishing Scams Exploiting Seasonal Themes

01/09/2026

We have recently observed reports of fraudulent emails that impersonate seasonal notifications from trusted brands, including Docusign. This activity is a form of external brand impersonation where scammers use seasonal themes, such as gift orders (e.g., wine deliveries) or year-end and year-start documents (e.g., related to benefits enrollment, tax forms, policy updates), to create a false sense of urgency.

Identify the risk

The goal of these emails is to trick you into clicking malicious links. These links may redirect you through multiple websites to a fake login page designed to steal your credentials or personal information.

What to look for

  • Inconsistent branding: Scammers may use a mix of current and legacy branding (e.g., the older DocuSign with a capital S). Watch for outdated logos, mismatched fonts, or formatting errors.

  • Suspicious senders: Always check the sender’s email address. Official notifications will only come from @docusign.com or @docusign.net. Exercise caution with any email claiming to be from Docusign that originates from an unofficial domain. Regardless of the sender, you should always be cautious of domains you do not recognize.

  • Unexpected content: Remain vigilant regarding any documents or signature requests you were not anticipating, and treat unsolicited emails with skepticism — even from a sender you believe you recognize. If you are in doubt, avoid interacting with the email and instead confirm the request is legitimate by contacting the sender through a verified phone number or a known, trusted email address.

Recommended action

  • Do not click: Avoid interacting with buttons or links in any unexpected suspicious email.

  • Verify independently: To safely access a document, go directly to docusign.com and enter the unique Security Code found at the bottom of the email using the Access Documents feature.

  • Report: If you receive a suspicious message, forward it as an attachment to verify@docusign.com for analysis. We will quickly provide confirmation indicating whether the content is legitimate or contains suspicious material, along with recommended next steps you should take. For business users, we also recommend reporting the incident to your security or IT department to ensure your organization is aware and can take any additional necessary precautions.