Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Beware DocuSign Phishing Attacks

August 19, 2021

Make no mistake about it. Cybercriminals are not stupid. As many of the oldies radio stations used to say, the hits just keep on coming. These days, the cyber attacks just keep on coming. Many of us are used to seeing phishing campaigns using trusted names such as Microsoft, Apple and delivery notices from Amazon, FedEx, UPS, etc. The latest target “host” of phishing attacks is DocuSign. Malwarebytes posted some specifics about recently seen attacks using the DocuSign brand.

The best part of the post is the advice on how to spot the bad signs and what to do about it. The first sign is make sure the document is hosted at and not some other location such as Here are some observed examples of DocuSign phishing emails:

  • “Dear Receiver”? If the sender does not use your actual name, that is a red flag.
  • The security code is way too short.
  • DocuSign links will read “REVIEW DOCUMENT” if it is a document that needs to be signed.
  • An extra space in “inquiries , contact” and other sloppy spelling.
  • Document was hosted at, not

As more and more users improve their recognition of phishing emails, cybercriminals have modified their tactics. The frightening reality is that cybercriminals are now using real DocuSign accounts to get around most of the advice listed above. “As result, the recipient will receive a legitimate DocuSign mail with an existing and functional security code that leads to the malicious file.” Scary stuff. Sometimes, the best advice is not to click on anything. If you receive a DocuSign request that you weren’t expecting, pick up the phone and call the sender to verify it isn’t a phishing attempt.

Notice: The new RSS feed for Your IT Consultant is for those that wish to subscribe in a reader.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology