DocuSign has observed a new phishing campaign that began the morning of April 27th (Pacific Time). The email purports to come from DocuSign using the email addresses noreply@docusign.delivery. The emails all have the subject:

"You have received a secure document via Docusign"

These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.

For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)