What You Need to Know About a DocuSign Phish Attack

The success of a phishing attack relies on human trust and emotion, which is why scammers use well-known brand names to manipulate victims into providing their sensitive information. This is exactly what happened with this type of attack.

DocuSign is a great service which enables people to sign documents in the Cloud. It’s convenient, cost effective and great for the environment, which is why hackers see it as an opportunity to create false identities to mimic this service with the aim of gaining access to sensitive information.

Signs of DocuSign phish attacks published by DocuSign:

  • Unknown or suspicious attachments or links: DocuSign won’t ask you to open a PDF, Office document or zip file in an email.
  • If there are embedded links in the email, hover over them to see if the address says ‘docusign.net/’ and look for ‘https’; anything else may be fake.
  • Access your documents directly from docusign.co.uk by entering the unique security code, which is included at the bottom of every DocuSign email.
  • The use of the phrase ‘Dear Receiver’ is a clear sign of a fraud email as the organisation will always address you by name.
  • Poor grammar, misspellings, or generic greeting – keep in mind that these emails are designed to be sent to hundreds or thousands of people, so the tone of voice may be generic and too straightforward.
  • A false sense of urgency and/or demand – the attackers have the intention of trying to get valuable information so there may be an urgent task you have to do or to update information.
  • Incorrect logo and branding – DocuSign have changed their branding from the dark blue logo to an all-black logo with a consistent font (image below.)

If you’re not sure whether the email is real, ask yourself these questions:

  • Do you recognise the sender?
  • Do the email signature and the sender name/email address match?
  • Does it have the new and correct logo and branding?
  • Are there any spelling or grammar errors throughout?
  • Is it too generic?
  • Are there strong emotions or an urgency communicated?
  • Is it asking for you to provide your personal or login information?
  • Does the email address you by name or does it say ‘receiver’?

What a fake DocuSign email could look like:

[Image: an example of a fake email claiming to be from DocuSign]

This is just one of the many phishing methods attackers use to exploit human trust and emotion and psychologically manipulate the victim. Take these extra steps to better protect yourself against other social engineering attacks:


Always check the source

For example, with an email, look at the email header and check against valid emails from the same sender. Look out for spoofed hyperlinks which can be spotted by hovering over them. Be sure to check the spelling as big organisations are very unlikely to have spelling mistakes or poor use of words and language. Lastly, if you’re ever in doubt you always have the option to go to their official website and get in contact with someone who will be able to confirm whether the email/message is official or fake.
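The hover check from the list of signs and the spoofed-hyperlink check above can be automated over an HTML email body. This is an added example, not DocuSign's or the author's code; the trusted-domain list is taken from the domains this article names and is an assumption, and the function names and sample body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Domains named in the article; adjust to DocuSign's current guidance (assumption).
TRUSTED = ("docusign.net", "docusign.co.uk")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted_host(host):
    # Exact match or true subdomain only, so "docusign.net.login.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list = passes)."""
    url, reasons = urlsplit(href), []
    trusted = is_trusted_host(url.hostname)
    if url.scheme != "https":
        reasons.append("not https")
    if not trusted:
        reasons.append("host is not a DocuSign domain")
    if "@" in url.netloc:
        reasons.append("userinfo in URL hides the real host")
    if "docusign" in text.lower() and not trusted:
        reasons.append("link text says DocuSign but target does not")
    return reasons

def audit_email_html(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
# Constructed sample body, not a real message; .example hosts are placeholders.
SAMPLE = """<a href="https://www.docusign.net/Signing/">Review</a>
<a href="http://www.docusign.net/Signing/">Review</a>
<a href="https://docusign.net.login.example/doc">https://www.docusign.net/</a>
<a href="https://docusign.net@files.example/doc">View on DocuSign</a>"""
```

Calling `audit_email_html(SAMPLE)` returns a dictionary mapping each link to its list of findings; only the first sample link comes back with an empty list.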

Utilise a good spam filter

A good email program will have great spam filters which use various kinds of information to determine which emails are likely to be spam. They may detect suspicious files/links, have a blacklist of suspicious IP addresses or sender IDs, or identify the content of the message to be fake. If you find that your email program isn’t filtering enough spam emails you may want to alter the settings or change your email program to a more secure one.

Ensure your devices are secure

If you find yourself getting these emails a lot or even if you’re worried about other types of social engineering attacks, you may want to consider taking some time to put measures in place for cyberattack prevention.

  • Make sure your anti-malware software and firmware are up to date. Installing software updates not only allows you to access new features, but also protects you against security loopholes discovered in outdated programs.
  • Try not to use the same password for different accounts. You may want to consider using a password manager to easily access unique and strong passwords.
  • Use two-factor authentication to double up on password protection for critical accounts. This might include voice recognition, use of a security device, fingerprinting, or SMS confirmation codes.
  • Keep up to date with new cybersecurity risks, just like this DocuSign phish attack. Regularly reading our blog or following us on social media is an easy way to keep in the loop with cybersecurity risks and tips.

Think about your digital footprint

Attackers are always looking for any information that makes you an easy victim for these types of attacks. In some cases, over-sharing personal information online, such as through social media can help attackers. For example, many banks have ‘name of your first pet’ as a possible security question and if you shared that on social media for anyone to access, you may be vulnerable to an attack. You don’t need to be paranoid, just be careful and think like an attacker by considering the information they have access to, and how easy you’re potentially making it for them.


Keeping up with these new attacks and information about preventing them can make you feel overwhelmed and worried, but there is nothing to be worried about: if it is a legitimate service, there will be other ways to contact them. You always have the power to ignore these emails and not act on them until you know they are real. Click here to read DocuSign’s article.

For more advice on protecting your data, feel free to get in touch for a free consultation.