DocuSign is experiencing an uptick in phishing activity through improper use of DocuSign. Report improper use of DocuSign accounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).

The most recent activity observed is sent from DocuSign DEMO accounts (dse_demo@docusign.net) using a variety of sender email addresses with public domains, for example abcdef1+123@gmail.com. The envelopes are often already completed and include the completed document as an attachment (.pdf) to the email notification. This tactic is meant to evoke a sense of urgency that is intensified by the mention of a financial transaction. The likely intent is to trick recipients into providing sensitive financial information through a link or by calling a phone number listed in the attachment.

Email subject line examples:

• Your order is approved. Welcome to the Amazon family

• Completed: Complete with DocuSign: Purchase Report 645456374FGDT.png

• Completed: Signup_Order_delivered_amt_debited_ptrv8009785krp

• Completed: Complete with DocuSign: Thank you for payment WEDR5656TRFEW.png

• SUBSCRIPTION_renewal_2023_07_18_58648569-khpd-969743

• Thank_you_for_signingup_with_us_infhrt7649ref0tqrjk_736950

Theme examples:

• Amazon

• Geek Squad

• Norton

• PayPal

• Advance America

• Invoice

NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to spam@docusign.com. 

As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization's security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.