Docusign Email Scam Message

Fake DocuSign Email

• Check the Sender Address: Legitimate signature requests always originate from the @docusign.net or @docusign.com domains. Be wary of lookalike domains like @docusgn.com or generic providers like @gmail.com.
• Look for a Security Code: Every authentic DocuSign email includes a unique 32-character security code at the bottom.
• Verify Links Before Clicking: Hover your cursor over the "Review Document" button to see the destination. It should only point to a docusign.net or docusign.com URL.
• Beware of Attachments: DocuSign does not send documents as ZIP, HTML, or executable (.exe) attachments.
• Urgency & Generic Greetings: Scams often use threatening language ("Account suspended") or generic greetings like "Dear Customer" instead of your actual name.

Safest Way to Access Documents

If you are unsure about an email, do not click any links. Instead:

1. Open your browser and go directly to DocuSign.com.
2. Click "Access Documents" at the top.
3. Enter the 32-character security code from the email. If the document is real, it will load there; if not, the email is a scam.

Reporting a Scam

• Forward to DocuSign: Send suspicious emails as an attachment to verify@docusign.com. They typically provide an automated verification response within two hours.
• Report Abuse: Use the "Report Abuse" feature or the "Report This Email" link in the email footer.
• FTC: In the U.S., you can file a report at ReportFraud.ftc.gov.

If You Already Clicked

1. Change Passwords: Immediately reset passwords for your email and DocuSign accounts, as well as any other accounts that used the same credentials.
2. Enable MFA: Turn on multi-factor authentication (MFA) to provide an extra layer of security.
3. Scan for Malware: Run a full antivirus scan on your device.
4. Monitor Accounts: Check your bank statements and consider freezing your credit if you shared financial details.