Hackers have done a pretty good job at impersonating DocuSign, a leading electronic signature company that many businesses rely on. Learn how to recognize and fight a recent DocuSign scam email that has already claimed thousands of victims.
How the DocuSign Scam Email Works
This scam is known as a phishing scam. A hacker cleverly disguises an email to be from DocuSign and encourages recipients to open link, .xls spreadsheet or a .doc file containing an important document.
However, the .doc file is not a document at all—it’s malware that immediately infects your computer and could potentially spread to your entire network.
What the Phishing Email Looks Like
It looks completely legitimate at a quick glance.
The sender is often from “DocuSign Signature and Invoice Service” with the email address docusign@hybels.com or something similar. It tells you that you “received/got invoice from DocuSign Signature Service,” which is attached. The email even includes the DocuSign logo and an emblem that says “Digitally signed with OpenTrust Protect & Sign.”
In other words, it’s extremely difficult to distinguish between the DocuSign scam email and a legitimate DocuSign email if you’re not paying attention.
How to Stay Protected
1. DO NOT Click Attachments or Links
If you receive an email that appears to be from DocuSign, do not click any attachments or links within it, just to be safe. There is a more secure way to see if it is legitimate.
2. Look for the Security Code
All DocuSign messages come with a unique security code, which is a long string of random numbers and letters. Any email with an attached document or link from DocuSign that doesn’t contain a code like this is a scam.
Even if it does contain a code, make sure you use it properly.
See the following screenshot for an example.
3. Enter the Code Securely
If an email does contain the security code but you’re still suspicious, DO NOT open the attached document or link just yet.
Instead, access your documents directly from DocuSign’s website. Click Access Documents and paste in the security code contained in the email. If the document is present on DocuSign’s website, it’s legitimate.
This is the best way to identify whether or not the email is real.
4. Don’t Fall for Impersonators
It’s possible that you receive a DocuSign scam email from someone you know, such as a coworker or client. In what’s known as a spear phishing attack, hackers impersonate people you know in order to build a false sense of trust and get you to click a spoof email attachment without thinking.
Don’t assume a DocuSign email is legitimate just because it has a familiar name on it. Again, view the document on DocuSign’s website to be sure.
5. Ask the IT Guys
If you have even the slightest bit of doubt that a DocuSign email is legitimate, even after testing the security code, just ask your IT team. Be safe, not sorry.
6. Dispose of the Email
Once you or your IT team has determined that the email is indeed a scam, forward it to spam@docusign.com and delete the email.
What if You Opened the Document?
Alert your IT Team
Once the document is opened, there’s a chance your computer and entire network could be infected.
Immediately alert your IT team to the issue. Don’t delay because you feel silly or embarrassed. Hackers are good at disguising emails and when you’re in the middle of a busy workday, you may open an infected document without thinking twice. It happens.
The earlier you tell the experts, the more easily they can control the damage.
Reset your Passwords
Resetting your passwords and enabling two-factor authentication on any accounts that allow it is the first thing you must do. It’s annoying, but yes, reset all of the passwords you’ve used to log into the computer you opened the document on.
It’s unclear exactly which type of malware the DocuSign scam email contains, but there are types that can siphon all of your sensitive data, even from other accounts you use, like your Gmail.
Update and Run your Antivirus
An updated antivirus will effectively combat most of the latest strains of malware. Make sure you have the latest version installed and run a scan on your computer.
The DocuSign scam email has been around for a while and doesn’t appear to be going away. The best way to combat it is to educate yourself and your team.
{{cta(‘732372f9-1981-481c-88af-248a1b9c79b2’)}}