What You Need to Know About DocuSign Phishing Attacks

The success of a phishing attack heavily relies on human trust and social engineering tactics. This is why scammers use well-known brand names to manipulate victims into giving up their sensitive information.

DocuSign is a great service which enables people to sign documents in the Cloud. It’s convenient, cost effective and great for the environment, therefore this option has grown in popularity. However, it has drawn in hackers as they see DocuSign as an opportunity to create false identities. By imitating this service, they can gain easy access to users’ personal information.

Signs of DocuSign phishing attacks published by DocuSign:

  • Unknown or suspicious attachments or click links. DocuSign won’t ask you to open a PDF, office document or zip file in an email.
  • Instead access your documents directly from docusign.co.uk. You can do this by entering the unique security code which will be at the bottom of every email.
  • If there are embedded links in the email. Hover over them to see if it says ‘docusign.net/’ and look for a ‘https’, anything else may be fake.
  • The use of the phrase ‘Dear Receiver’ is a clear sign of a fraud email. The organisation sending you the DocuSign will always address you by name.
  • Poor grammar, misspellings, or generic greeting. Keep in mind that these emails are designed to be sent to hundreds or thousands of people so the tone of voice may be generic and too straightforward.
  • A false sense of urgency and/or demand. Attackers will try to get valuable information from you, so they may request an urgent task or ask you to update information.
  • Incorrect logo and branding. DocuSign have changed their branding from the dark blue logo to an all-black logo with a consistent font.

If you’re not sure whether the email is real, ask yourself these questions:

  • Do you recognise the sender?
  • Do the email signature and the sender name/email address match?
  • Does it have the new and correct logo and branding?
  • Are there any spelling or grammar errors throughout?
  • Is it too generic?
  • Are there strong emotions or an urgency communicated?
  • Is it asking for you to provide your personal or login information?
  • Does the email address you by name or does it say ‘receiver’?

What a fake DocuSign email could look like:

This is just one of the many examples of DocuSign phishing methods used by attackers. They will create human trust and emotion to psychologically manipulate the victim.

An example of a fake email claiming to be from DocuSign

Steps to protect yourself from social engineering attacks

Always check the source 

For example, with an email, look at the email header and check against valid emails from the same sender. Look out for spoofed hyperlinks which can be spotted by hovering over them. Be sure to check spelling as large organisations are very unlikely to have spelling mistakes or use a poor choice of words. Lastly, if you’re ever in doubt you always have the option to go to their official website. Get in contact with someone who will be able to confirm whether the email/message is official or fake.

Utilise a good spam filter 

A good email program will have great spam filters which use various kinds of information to determine which emails are likely to be spam. They may detect suspicious files/links or have a blacklist of suspicious IP addresses or sender IDs. Sometimes they can also identify the content of the message to be fake and alert you. If you find that your email program isn’t filtering enough spam emails, you may want to alter the settings or change your email program to a more secure one.

Ensure your devices are secure from phishing attacks

If you find yourself getting these emails a lot, or even if you’re worried about other types of social engineering attacks, you will want to secure your devices. For the safety of your sensitive information, consider taking some time to put measures in place for cyberattack prevention:

  • Make sure your anti-malware software and firmware are up to date. Installing software updates not only allows you to access new features, but also puts you on the safe side. Hackers may be able to find security loopholes in outdated programs.
  • Try not to use the same password for different accounts. You may want to consider using a password manager to easily access unique and strong passwords.
  • Use two-factor authentication to double up on password protection for critical accounts. This might include voice recognition, use of a security device, fingerprinting, or SMS conformation codes.
  • Keep up to date with new cybersecurity risks, just like this DocuSign phishing attack. Regularly reading our blog or following us on social media is a helpful way to keep in the loop with cybersecurity risks and tips.

Think about your digital footprint

Attackers always look for information that makes you an easy victim for these types of traps. In some cases, over-sharing personal information online, such as through social media can help attackers. For example, many banks have ‘name of your first pet’ as a possible security question. So, if you shared that on social media for anyone to access, you may be vulnerable to an attack. You don’t need to be paranoid, just remain careful. Think about the exposed information hackers could access, and how easy you’re potentially making it for them.


Keeping up with new attacks and the information about preventing them may make you feel overwhelmed and anxious. But there is nothing to be worried about because if the DocuSign email is a legitimate service, there will be other ways to contact them. You will always have the power of ignoring and not acting on these emails until you know it’s real.

Click here to read DocuSign’s article.

For more advice on protecting your data, don’t hesitate to get in touch for a free consultation.