Skip to main content
Trust Center

Fraud Alert: Spoofed Docusign Emails

06/01/2025

We've observed a variety of new phishing campaigns where malicious URLs are hidden in fake Docusign emails. These emails are spoofed to appear as if they've been sent from docusign.net or docusign.com, but they did not originate from our legitimate servers.

These fraudulent emails contain a link that leads to a malicious page, not an official Docusign website.

Examples of recent malicious URLs:

  • https://docspan[.]elegilegi[.]org

  • https://ciadaestampa[.]com

  • https://esgn[.]lxml[.]org

  • beautifulenergywithbtvloving[.]com

Examples of subject lines to look out for:

  • Document Shared [individual or business name]

  • Attention Required: Documents Pending review_Ref ID: [reference ID] Amendment to Agreement

  • Review & eSign Contract Amendment on 2025-09-04

  • You have a new secure document to review - REF# 73847942EB#YSHS

How can you tell if it’s fake?

  • Look for mismatched branding: The emails may use color schemes or branding that do not match Docusign's official look and feel.

  • Check the sender's email: The sender's email address should always come from a legitimate Docusign domain, such as Docusign.net.

  • Hover over links: Before you click, hover your mouse over the "Review Document" link. If the URL that appears does not point to a Docusign website, it is likely a scam.

What should I do if I get one of these?

  • Do not click on any links in the email.

  • Do not enter your login information on any fraudulent pages.

  • Report the suspicious email immediately to verify@docusign.com