As you probably know by now, scammers love using the Internet to perpetrate frauds and trick innocent people into doing things that are harmful to their devices and/or their financial lives.
Some scams come and go, but others seem to hang around forever while occasionally changing up the tricks they use from time to time to keep us all off guard.
One such persistent scam targets folks who use the popular DocuSign “online agreement” service.
In a nutshell, DocuSign makes it easy to negotiate and sign various kinds of contracts and exchange official correspondence via the Internet. And it’s quite popular in the business world.
There are two primary types of scams targeting DocuSign customers that are making the rounds right now:
1 – DocuSign Phishing Emails
These are fraudulent emails that show up in your inbox with subject lines such as “Notification from DocuSign Electronic Service” or “Important correspondence for you via DocuSign“.
The bodies of these emails typically state that you need to log into your DocuSign account to review and take action on some type of important document.
Of course the email includes a handy link for logging into DocuSign, but if you click that link you won’t be taken to the DocuSign website.
Instead, you’ll be taken to a realistic looking, but fake knockoff of the official DocuSign site containing a fake login form.
If you take the bait and enter your login credentials you’ll end up handing them over to a hacker who will sign into your DocuSign account and use it to scam people in your name.
2 – Malware Delivery Scam
This variation of the fraudulent emails uses titles similar to the ones mentioned above, but the purpose of the emails themselves is quite different.
Instead of some text and a link, the email will contain an attachment consisting of either an HTML file or a Microsoft Office file.
Regardless of the file type, as soon as you open it your computer or Android device will be hit with an attempt to install malware on it.
Apple iOS users are more or less safe from these attacks given the way Apple designed iOS to resist viruses and most other forms of malware, but Windows and Android users are at great risk.
Both varieties of these scams always contain one huge red flag that will tip you off every time: A knock-off sender’s email address.
For example, instead of the sender’s email address being something like [email protected] it will be something like [email protected].
These fraudulent email addresses are very to spot. If the sender’s email address doesn’t include @docusign.com you will know right away that the entire message is both fake and extremely dangerous.
Bottom line: If you receive any type of email that appears to be from DocuSign you can safely assume that it’s fraudulent unless you were expecting to receive such an email on behalf of a prospective business partner or some other entity that you’re in the process of dealing with in some manner.
And even if you are expecting a message from DocuSign I strongly recommend that you carefully examine the sender’s email address to make sure the email really was sent from DocuSign (again, the email address will include @docusign.com).
And here’s one final tip: Senders will usually send the recipients a heads-up before they actually send out a document to be signed online. If you aren’t already expecting to receive one of these documents to sign you should be very skeptical even if the email appears to be 100% legitimate.