DocuSign, a service used to share, distribute and electronically sign important documents, has detected an increase in phishing emails sent to customers/users. The recent phishing campaign delivers unsolicited email with either an embedded URL or an HTML, PDF or Word attachment that redirects users to a spoofed login page designed to steal login credentials. Compromised DocuSign credentials could expose financial and other types of sensitive/confidential information.
Noted email subject lines in this phishing campaign are:
- Your DocuSign
- Payment Confirmation
- New secure message
- You have a new document to review and sign
Phishing emails received may come from: noreply@docusign.delivery
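Mail administrators can turn the indicators above into a mailbox triage check. The following Python is an added example, not DocuSign or NYU tooling; the `triage` function, the constructed sample messages and the choice to treat only docusign.com hosts as expected link targets are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators copied from the advisory above.
SENDERS = {"noreply@docusign.delivery"}
SUBJECTS = {"your docusign", "payment confirmation", "new secure message",
            "you have a new document to review and sign"}
# Assumption: only docusign.com and its subdomains are expected link hosts.
TRUSTED = "docusign.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in SENDERS:
        findings.append("sender:" + sender)
    # A subject match alone is a weak signal; weigh it with the other findings.
    subject = " ".join(msg.get("Subject", "").split()).lower()
    if subject in SUBJECTS:
        findings.append("subject:" + subject)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            # Match on a label boundary so docusign.com.example.test is flagged.
            if host != TRUSTED and not host.endswith("." + TRUSTED):
                findings.append("link-host:" + host)
    return findings

# Constructed sample messages (example.test is a placeholder domain).
PHISH = ("From: DocuSign <noreply@docusign.delivery>\n"
         "Subject: You have a new document to review and sign\n"
         "Content-Type: text/plain; charset=utf-8\n\n"
         "Review here: http://docusign.com.example.test/login\n")
BENIGN = ("From: Colleague <colleague@example.test>\n"
          "Subject: Lunch\n"
          "Content-Type: text/plain; charset=utf-8\n\n"
          "Sign in directly at https://www.docusign.com/\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage(raw))
```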
Recommendations
DocuSign advises users to look for the unique security code at the bottom of a DocuSign notification email (as shown below). All DocuSign envelopes contain a unique security code. The unique security code allows users to access documents directly from https://www.docusign.com/
Additionally:
- Never open unexpected attachments or provide account credentials via embedded links in unsolicited email. Before opening an unexpected attachment, verify the legitimacy of the message/sender via a phone call or another means of communication that does not rely on information appearing in the message received.
- Instead of clicking on an embedded link to enter your credentials, go to the organization’s secure website to enter your credentials.
- Enable MFA (multi-factor authentication) on all accounts for which it’s offered. MFA will protect you from the results of phishing or credential compromise by requiring a second layer of authentication via a device that you possess (e.g., a smartphone, cell phone, landline, etc.).
- For information on NYU MFA, which protects your sensitive information on NYU systems, please click here.