Our CEO recently received an email that looked like a legitimate email from someone asking for him to click a link to DocuSign to approve an invoice. He said it looked like it came from a cargo company that has been sending him emails (phishing) for weeks.
DocuSign has been used in the past (2016 and 2017) in phishing scams, so we want everyone to be aware it may be happening again.
In the past, the phishing emails have spoofed the DocuSign brand and have used subjects like “Completed: [domain name] – Wire transfer for recipient-name Document Read for Signature” and “Completed: [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
The people that use phishing to lure victims are always becoming better at their craft. It is becoming more and more difficult to determine if an email is a phishing scam or if they are legitimate. Watch out for phishing in every message you receive. (Not just emails, but also text and phone calls can be used). They will ask for sensitive information, ask a lot of question and make you feel it is safe to give the information out.
Here are a few clues to look out for:
- If you don’t know the sender, be suspicious.
- Even if you know the sender, but are not expecting links or attachments from them and there is no personalized explanation of what’s inside, be very suspicious.
- If the sender is a business with which you have no current activity with, it could be phishing.
- If you do click a link or attachment and are requested to enter sensitive information, second-guess it.
- Look for incorrect use of language in which it is written and typos.
- Outdated logos and fonts and/or poor graphics quality.
- Any attempt to scare you, such as a threat that your account will be shut down unless you click a link.
- A link that seems to go to somewhere you don’t expect. (You can usually check it by hovering over the link and reading the URL that shows up.)
If you have already opened or clicked on something in an email and it did some damage or you entered sensitive information such as a payment card number or your social security number, be sure to follow up by diligently checking payment card charges and your credit report. If anything is suspicious, follow up and get it resolved right away.