DocuSign has observed a new phishing campaign that began the morning of December 5th (Pacific Time).

The email comes from Tyrone Boulden (note: this name is likely to change) and was sent from the email address accounting@blueribbondisposal.com (note: this sender may change). The subject of the email will be either “Please DocuSign: Order Form for <domain>” or “Please DocuSign Your Debit Acknowledgement form” and it contains a link to a malicious Word document. Do not click the link in this email, instead please forward it to spam@docusign.com and then delete the email immediately.

For more information on how to spot phishing, please see our Combating Phishing white paper (3.3 MB).