Uptick In Phishing Activity Observed, Jul 27, 2023
07/26/2023
DocuSign is experiencing an uptick in phishing activity through improper use of DocuSign. Report improper use of DocuSign accounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).
The most recent activity observed is sent from DocuSign DEMO accounts (dse_demo@docusign.net) using a variety of sender email addresses with public domains, for example abcdef1+123@gmail.com. The envelopes are often already completed and include the completed document as an attachment (.pdf) to the email notification. This tactic is meant to evoke a sense of urgency that is intensified by the mention of a financial transaction. The likely intent is to trick recipients into providing sensitive financial information through a link or by calling a phone number listed in the attachment.
Email subject line examples:
Your order is approved. Welcome to the Amazon family
Completed: Complete with DocuSign: Purchase Report 645456374FGDT.png
Completed: Signup_Order_delivered_amt_debited_ptrv8009785krp
Completed: Complete with DocuSign: Thank you for payment WEDR5656TRFEW.png
SUBSCRIPTION_renewal_2023_07_18_58648569-khpd-969743
Thank_you_for_signingup_with_us_infhrt7649ref0tqrjk_736950
Theme examples:
Amazon
Geek Squad
Norton
PayPal
Advance America
Invoice
NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to spam@docusign.com.
As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization's security tools to investigate potentially malicious documents, links and notifications.
For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.