How to Recognize & Avoid DocUSign Phishing

DocUSign is a service that lets users sign documents electronically in the cloud. NYU DocUSign can be used both internally and externally, and is particularly useful when people are working remotely.

In addition to the commonly known signs of phishing, such as misspellings, generic greetings and poor grammar, some features specific to DocUSign phishing to look out for are:

  • The email should be sent from docusign.net. Please be reminded that email addresses can be spoofed, so confirmation of this alone will not guarantee that a message received is legitimate. The rest of the email still needs to be evaluated for legitimacy. 
  • DocUSign document URLs always begin with https:// and contain docusign.net, which is visible when you hover over the embedded elements in the email message. Scammers have been known to send out DocUSign phishing emails using docs.google.com or feedproxy.google.com.
  • Some DocUSign phishing messages send the document as an attachment rather than a link, which DocUSign does not do.
  • For documents requiring a signature, DocUSign links will read “REVIEW DOCUMENT”. 
  • Scammers have also uploaded documents with malicious links to real or stolen DocUSign accounts, so everything looks as it should, but the receipt of a document is unexpected. Scammers may also upload documents which have links that send you to malicious websites designed to steal your sensitive information or credentials. 
    • Please be reminded not to click embedded links or attachments in unexpected messages. Instead, contact the sender via a trusted (non-email) means of communication to confirm the legitimacy of the message.
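
The sender, link and attachment checks in the list above can be applied mechanically when triaging a reported message. The following Python is an added example, not code from NYU or DocUSign; the function names, sample messages, addresses and URLs are constructed for illustration. It accepts a host only if it is docusign.net or a subdomain of it, because a plain "contains docusign.net" test would also pass a host such as docusign.net.example.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "docusign.net"  # domain the article names for senders and links

def in_domain(host, domain=TRUSTED):
    """True for the domain or a real subdomain, not 'docusign.net.example'."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def triage(raw_message):
    """Return findings; an empty list means none of the listed signs fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not in_domain(sender.rpartition("@")[2]):
        findings.append(f"sender domain is not {TRUSTED}: {sender}")
    if list(msg.iter_attachments()):
        findings.append("message carries an attachment")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for url in collector.links:
        parts = urlsplit(url)
        if parts.scheme != "https" or not in_domain(parts.hostname):
            findings.append(f"link is not https on {TRUSTED}: {url}")
    return findings

# Constructed sample messages (addresses and URLs are made up for this example).
HEAD = "Subject: Please sign\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
EXPECTED_SHAPE = ("From: DocUSign <sender@docusign.net>\n" + HEAD +
    '<a href="https://example.docusign.net/signing/1">REVIEW DOCUMENT</a>\n')
LOOKALIKE = ("From: DocUSign <sender@docusign.net.example>\n" + HEAD +
    '<a href="https://docs.google.com/document/constructed">REVIEW DOCUMENT</a>\n')

if __name__ == "__main__":
    for name, raw in (("expected shape", EXPECTED_SHAPE), ("lookalike", LOOKALIKE)):
        print(name, "->", triage(raw) or "no listed sign fired")
```

An empty result only means none of these signs fired: as the list notes, sender addresses can be spoofed and malicious documents can be sent from real or stolen DocUSign accounts, so an unexpected message still needs to be confirmed with the sender.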

Recommended Best Practice: 

To avoid phishing attempts and their possible consequences, such as malware installation (including spyware or ransomware), data loss, identity theft and more, it’s recommended that users access their documents directly from www.docusign.com by entering the security code provided at the bottom of every DocUSign email.

DocUSign phishing may be reported to spam@docusign.com. If you have a question about a message you suspect may be phishing, or if you want to report a phishing attempt, you can email phishing@nyu.edu.
