Back 

DocuSign Safety

   read  

  Decrease Text Size Increase Text Size

  • You haven’t requested any documents. Be wary if you receive an email stating that you have documents to sign. If you haven’t requested any documents, it’s likely a phishing attack. 
  • You don't recognize the sender. If the email comes from a name you don't recognize, delete it. You shouldn't be receiving signature requests from strangers. If individuals or businesses legitimately want you to sign a document, they should contact you beforehand, letting you know that a signature request is on the way.  
  • Fake sender email address.  Fake emails may include a forged email address in the "From" field, which is easily altered. If you don’t recognize the sender of a DocuSign envelope, contact the sender to verify the authenticity of the email.
  • Check those links. You should never click on a link in a random email. Always check the URLs of those links. You'll often find that they aren't links to DocuSign but to other companies. Avoid fake links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the DocuSign notification email.  Always check where a link goes before you click on it by hovering your mouse over the link to look at the URL in your browser or email status bar (they should be hosted on docusign.com or docusign.net).
  • Watch for misspellings. Scammers often send their phishing attacks from emails that are close to but not exactly the same as those used by legitimate companies. For instance, instead of coming from email addresses ending in @docusign.com, they might come from ones ending with @docusgn.com or @docus.com.
  • Attachments. DocuSign emails that request you to sign a document never contain attachments of any kind.  Don’t open or click on attachments within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it’s a valid PDF file. DocuSign never attaches zip files or executables.
  • Generic greetings. Many fake emails begin with a generic greeting like “Dear DocuSign Customer.” If you don’t see your name in the salutation, be suspicious and don’t click on any links or attachments.
  • False sense of urgency.  Many fake emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. They may also state that unauthorized transactions have occurred on your account or that DocuSign needs to update your account information immediately.
  • Unsafe sites.  The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure Web session, and you shouldn’t enter any personal data. A legitimate DocuSign sign-in page address always starts with “https://” not “http://.”
  • Pop-up boxes.  DocuSign never uses a pop-up box in an email, because pop-ups aren’t secure.
examples of fake emails and web site











eFraud Prevention™, LLC