DocuSign is a helpful tool that many businesses use to digitally send, sign, and receive important documents or contracts every day. Recently, DocuSign has warned its customers about potential phishing campaigns involving compromised emails that appear to be sent from their domain.

These phishing emails may look like they’re coming from DocuSign, but they’re not. Their goal is to gather important information from you like your passwords or credit card numbers. In most cases, they’ll include a link where you can input your personal information.

Phishing scams like these are on the rise across all industries, which is why it’s so important for small business owners to stay vigilant. New data from the Federal Trade Commission revealed that they received fraud reports from more than 2.8 million consumers in 2021.

What should you do if you receive an email from DocuSign that asks for your personal information? Keep reading to learn more.

Recognizing DocuSign Scams

Scam Companies

How to Identify Legitimate DocuSign Emails

According to DocuSign, there are a few things to look for when identifying if an email is really coming from them. DocuSign customer envelope emails will always come from a “docusign.net” email. Additionally, most will contain a 32-character security code in the bottom portion of the email under the “Alternate Signing Method” section.

DocuSign’s website also states that on most of their emails, you’ll find a link that takes you to their official website to review your document. If you hover your mouse over the link in the email, without clicking on it, you can look at the URL. Legitimate DocuSign URLs begin with “https://www.docusign.net.” You may also see other prefixes from their server destinations, like:

  • na2
  • na3
  • na4
  • au
  • ca
  • eu

One example of this could be “https://na4.docusign.net.” This means, if you hover over the link in an email you received and a different web address appears, it may be a phishing link.

How to Identify Recent DocuSign Scam Emails

The recent DocuSign scam emails reference technical support. Many are coming from an “outlook.com” email domain. You may also see subject lines like:

  • ​​​​​​MS Office 365
  • Windows Defender purchased order
  • Order successfully
  • Complete with DocuSign: Bot Content (90).html
  • Fire wall protection order successfully placed​​​​​​​​​​​​​​​​​​

If you use DocuSign at your business, it’s important to share this information with your employees so they can identify and report a phishing email.

4 Steps You Can Follow to Report Scams to DocuSign

If your business identifies a potential scam email from DocuSign, you should report it immediately. Here’s how you can report it to DocuSign:

  1. Click “report this email” under the “stop receiving this email” section at the bottom of the email you received.
  2. This link brings you to the “report abuse” form where you can report illegal activity and fraud.
  3. Select “I believe this is fraudulent or contains illegal content” and click “Continue.” This will take you to the DocuSign portal, where you can file a report online. The portal can also be accessed directly.
  4. Once you’re in the portal, you can follow the prompts and provide details that DocuSign can investigate.

Information You’ll Need to Provide DocuSign for an Investigation

Once you’ve reported the scam email inside DocuSign’s portal, you’ll be asked to provide information, like your:

  • Full name
  • Contact information
  • Envelope ID or security code
  • Supporting documents like screenshots
  • Customer/sender name (business/individual) and email address
  • Any other known customer/sender identifiers (physical address, phone number)
  • Description of the incident
  • Other relevant information

Additional Small Business Scams to Watch out For

In addition to the DocuSign scam, it’s also important to watch out for these common scams and cyber attacks that target small businesses:

  1. Ransomware: This involves scammers sending a link to your small business via email that freezes up your computer system, when it’s clicked on. This type of attack is called ransomware because the scammer will then demand a ransom payment so you can regain access to your computer system/files again.
  2. Fake invoices: You or your employees receive an invoice in the mail and pay it not realizing it’s a fake vendor. These invoices are often for everyday items like office supplies.
Docusign scams

Tips for Avoiding Scams in Your Small Business

  1. Train your employees to recognize fraudulent emails and verify requests. If they receive a suspicious email, they can call their contacts directly. They can also start a new email chain with the company directly. Employees can also ask someone in legal to review requests that look like scams.
  2. Make sure your computers have updated software and operating systems for ransomware protection.
  3. Use virus protection software that includes ransomware coverage, so you can secure your business data.

Four Signs That an Email Is a Phishing Scam

In addition to the three tips above, you can also look for these four signs that an email is a phishing scam:

  1. Grammar mistakes
  2. Spelling errors
  3. Incorrect addresses
  4. Logos that are slightly off

Many scam emails have mistakes in them, if you look closely.

Phishing emails are just one of the common security risks that small businesses face today. When it comes to protecting your data, being proactive about identifying and reporting suspicious emails is essential.

Next Steps: Want to learn more? Sign up for the Small Biz Ahead newsletter to receive a weekly roundup of the latest tools, trends, and resources.