How to identify a Docusign Phishing attack and protect your business

In an ever-growing technological age, almost everything has an electronic alternative, including the signing of documents. As a result, Docusign phishing is on the rise. Signing documents electronically saves time and money, with the ability to simply email across contracts and other important documents as opposed to manually posting them or chasing the signee in person. From mortgage documents and tax forms, to employee contracts and car deals, everything has the ability to be signed electronically. However, along with the benefits, electronic signatures can also have risks. 

Why Now? 

Scammers are opportunists, which means they will always utilise any vulnerabilities in the current climate to their advantage. With this in mind, there has been a significant rise in phishing attacks over the last 12 months due to the ongoing COVID-19 pandemic. 

With so many of us now relying on the online world to keep us working, communicating, and completing everyday tasks like food shops, it is no surprise that the perfect scenario has been set for scammers. One of the most common phishing attacks this year is scammers mimicking emails from document-signature companies such as DocuSign to trick users into giving up personal and financial information.

DocuSign is one of the world’s leading electronic signing services providers. By using their eSignature feature, users have the ability to sign their documents on almost any device. Then also send the documents to whoever is requesting it. The process is fast, smooth, and usually very safe. However, naturally there has been an increased usage of the services over the past year due to businesses working from home and people needing to avoid face-to-face contact as much as possible. 

DocuSign Phishing Attacks 2020

As a result of these attacks, in April 2020 Docusign released a statement to warn people of this new phishing scam. The phishing email was claiming to come from Docusign, and the subject line is made to reflect this false information too. The company explained that the emails usually contained links to a dangerous Microsoft Word document that will download malware to your device if you run it. 

One month later in April 2020, the company realised another alert about another phishing campaign which was sending emails claiming to be from either a name or Docusign with subject lines that are likely to evoke a reaction from the reader. For example, one might say “Your Docusign account has been suspended” or “Notification: You have received a document inside”. The links within these harmful emails will navigate the user to different websites which request personal and financial information. Once provided, the information will be sent straight to the scammers who can use it to access your bank account and other financial sites. 

Warning Signs Of An Attack

Although it is hard to stop these phishing emails from being sent, you can ensure you do not become a victim of the scam by identifying whether or not the email is legit. Here are some top tips: 

  • You haven’t requested any documents to sign 
  • You do not recognise the sender’s name 
  • Check the URLs in the email – if they don’t go to Docusign, it’s likely the email is a scam
  • Look for typos in the text and the email address 

Contact Us Today

Cyber attacks and data breaches can be detrimental to businesses, so if you would like to ensure that your company is protected should you fall victim to a phishing attack, get in touch today. As one of the leading providers of Cyber and Data Breach Insurance, we can keep your company safe. 

Visit our website for more information on cyber security and how to protect your business.