What’s Happening
One of the latest rampant digital scams is email phishing from scammers imitating legitimate document management services like DocuSign. These scams are spreading like wildfire and pose a serious threat. The emails look incredibly convincing and often use company logos and branding to trick recipients into clicking. Once you try to sign in, scammers steal your login information and take over your email account, putting your personal data in immediate danger and targeting your contacts.
How They Do It
Emails are sent to contacts. The emails are sophisticated and use official logos, signatures and contact information so they appear to be legitimate requests. They typically request the user log in to a document management service to view a file or provide a signature.

The emails usually contain official logos and even letterheads or watermarks, as well as contact names you may be familiar with so that you’ll trust they’re official. Once you click, they prompt you to sign up or log in to what appears to be a legitimate document management service. When you provide your information, you’re turning over the keys to your email account.
How it Spreads
Once the scammers have access to your email they can email out the same scam to your contacts and the cycle continues. They can even reply using your email if anyone questions the emails they send.



How to Spot Scams
The best way to protect yourself from these phishing attacks is to stay vigilant about what you receive in your email. Though there are no “tells” that indicate whether an email is a scam, there are a couple of things you can look for.
Language that doesn’t sound right or sounds too urgent:

Unless your contacts actually talk like this, be wary of any language that sounds too robotic. Additionally, these scam emails will typically have a tone of urgency (see 2nd screenshot above).
Odd recipient lists or sender information:

“Undisclosed-recipients” is sketchy. Seeing anything like this in the email subject line and sender info should raise red flags.
Unofficial links:
Official document management services use official links. For example, DocuSign requests start with https://www.docusign.net. If you hover over an email link and it isn’t an official https://www.docusign.net link, it’s not official. When in doubt, call the sender to confirm whether this request is legit.
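The link check described above can be automated in a mail filter. The following is an added example, not code from DocuSign or from this article's author: it compares each link's real destination host, not its visible text, against the official host named above, so a lookalike address that merely begins with the official string is still flagged. The allowlist, function names and sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host taken from the article above; this allowlist is an assumption of the example.
OFFICIAL_HOSTS = {"www.docusign.net"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(url):
    """True only for https links whose host is exactly an official host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL: treat as not official
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and host in OFFICIAL_HOSTS

def suspicious_links(html_body):
    """Return (href, text) for links whose real target is not official."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, t) for h, t in collector.links if not is_official(h)]

# Constructed sample email body (hypothetical links, reserved example domains).
SAMPLE = """
<a href="https://www.docusign.net/constructed-path">Review document</a>
<a href="https://www.docusign.net.example.com/login">https://www.docusign.net/view</a>
<a href="https://www.docusign.net@login.example/doc">Sign now</a>
<a href="http://www.docusign.net/constructed-path">View</a>
"""

for href, text in suspicious_links(SAMPLE):
    print(f"suspicious: shown as {text!r}, goes to {href}")
```

Only the first sample link passes; the other three are reported because the host differs from the official one or the link is not https.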
Requests you weren’t aware of or that don’t make sense:
If you receive something from a contact you rarely interact with or someone that you haven’t been actively in contact with, that’s a red flag. Always reach out to your contact via phone if you receive a strange email from them.
What should you do?
Start by contacting the sender to confirm if they sent a request. This also alerts them to the scam so they can take action to lock down their email and report the scam. If you receive a document management phishing email that appears to be from DocuSign, report it to spam@docusign.com immediately. If it’s from another company, reach out to them via their official website to report the scam. Finally, take time to reset your passwords to new, secure ones.
Are you an email phishing scam victim?
If you have questions or need assistance, reach out to us! We’ll be happy to help.