DocuSign scams
Avoid becoming a victim of a phishing email that appears to come from DocuSign or other digital signature application with these tips:
- Are you expecting the email? If not, do not proceed.
- Do you recognize the sender? If not, do not proceed. If yes, contact the sender separately using information you already have on file to validate. Leadership and colleague emails are often spoofed to trick you into acting.
- Do the email signature and the sender name/email address match?
- Verify that the message has the correct logo and branding. Office 365, DocuSign and other branding can often be spoofed to look real, so be careful!
- Is the look or tone of the email off from the norm, or does the email just seem odd?
- Are there spelling or grammatical errors? For example, is the sender email misspelled? It should come from @docusign.com, but a malicious link might end with @docusgn.com, @docus.com or @gmail.com.
- Is it asking for you to provide your personal or login information?
- Before selecting any link, check it. On your computer, hover over without selecting, or long pause on your mobile device to see the link. It should be recognizable.
- Is the request made to appear urgent? Always Pause and Validate and don’t be pressured to act quickly.
Share these tips with staff and colleagues. Do your part to #BeCyberSmart!
Visit the newly rebranded CTR Cyber page designed to provide resources to improve cybersecurity internal controls.