Don’t give your personal data to fraudsters: Dodging Docusign scam emails

Have you heard about the latest scam involving Docusign notifications? Cybercriminals are impersonating the trusted e-signature brand to trick people into giving away their personal or corporate data.

Remember when signing official documents used to involve printing, scanning, and emailing? Thanks to cloud app providers like Docusign, the process has become much easier. However, with its widespread use, cybercriminals are now targeting Docusign to carry out phishing scams.

Docusign phishing typically starts with a fake Docusign “envelope” email that prompts you to click on a link to review a document. The link could lead you to a phishing site where you might be asked to enter personal or financial information. These attacks can not only compromise your data but also give hackers access to corporate networks.

Recent examples of Docusign phishing scams include:

  • Impersonating invoices from suppliers to trick companies into transferring money.
  • Targeting suppliers with fake invoice scams impersonating US state and municipal agencies.
  • Registering real Docusign accounts to send out legitimate envelopes spoofing popular brands.
  • Spoofing Docusign emails to lead users to phishing login pages.
  • Conducting refund scams to obtain personal and financial details.

Example of a scam abusing people’s trust in Docusign for data theft (Source: Reddit)

Protecting yourself from Docusign threats

Here are some steps you can take to safeguard yourself and your company from Docusign phishing:

  • Verify destination URLs in Docusign emails before clicking.
  • Look for security codes in legitimate Docusign emails.
  • Avoid opening attachments in initial Docusign emails.
  • Watch out for spelling and grammatical errors in emails.
  • Enable multi-factor authentication for all corporate accounts.
  • Use strong, unique passwords and a password manager.
  • Implement a multi-layered security tool like ESET.
  • Update policies regarding fund transfers and email security.
  • Encourage reporting of suspicious Docusign-themed emails.
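
For the first step, verifying destination URLs, a mail-filter or help-desk script can apply the check mechanically. The Python below is an added example, not code from the original article or from Docusign; the trusted-domain list and the sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as Docusign-owned. Confirm the current list
# against Docusign's own guidance before relying on it.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")

# Constructed sample email body; paths and non-Docusign hosts are made up.
SAMPLE_EMAIL = """
<a href="https://na4.docusign.net/sample-path?a=1">REVIEW DOCUMENT</a>
<a href="https://docusign.com.review-doc.example/sign">Review document</a>
<a href="https://docusign.com@files.example/envelope">Open envelope</a>
<a href="http://www.docusign.com/help">Help</a>
"""

class HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_link(href):
    """Return the reasons a link's real destination should not be trusted."""
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["URL does not parse"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("text before '@' is not the host")
    # Exact match or a subdomain only: 'docusign.com.evil.example' must fail.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        reasons.append(f"host {host!r} is not a Docusign domain")
    return reasons

def review_email(html):
    """Map each suspicious link in the email to the reasons it was flagged."""
    collector = HrefCollector()
    collector.feed(html)
    return {h: why for h in collector.hrefs if (why := check_link(h))}
```

Calling `review_email(SAMPLE_EMAIL)` flags three of the four links. A link that passes is not proof of a genuine request, since scammers also send envelopes from real Docusign accounts.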

What to do if you become a victim

If you fall prey to a Docusign scam, take immediate action:

  • Reset passwords and run malware scans on affected devices.
  • Isolate compromised devices from the network.
  • Monitor for unusual activity and potential data theft.
  • Use the incident as a learning opportunity for employees.

Whether using Docusign for business or personal purposes, always stay vigilant against phishing scams that exploit your trust in electronic signing apps.
