Phishers Purchase Stolen DocuSign Logins, then Impersonate Your Business
DocuSign is a great tool for managing electronic agreements and contracts with electronic signatures on various devices. Unfortunately, cybersecurity experts have seen an uptick in phishing emails that look very similar to legitimate DocuSign requests but are actually from fraudsters seeking to steal money.
It’s not DocuSign’s fault. Widespread adoption of the platform, combined with its trusted reputation, makes DocuSign a natural target, and cybercriminal tactics have gotten more sophisticated.
Most DocuSign phishing scams impersonate the real DocuSign platform’s emails to trick you into giving sensitive information, signing a document and/or making a payment. Sometimes scammers will even sign up for legitimate DocuSign accounts and use the service to appear reputable when sending you fraudulent documents or requests.
But more recently there’s been an even more complex and insidious pattern emerging.
Here’s how it works:
- Criminals pick targets: Scammers buy stolen DocuSign credentials on cybercrime forums and use them to snoop around the victim’s stored contracts, vendor agreements and upcoming payment information.
- Fake requests and invoices: They impersonate the company whose account they took over, sending emails to the company’s business partners that ask them to transfer funds to an account controlled by the cybercriminals.
- Victims lose: The unsuspecting recipient recognizes the company, the contract and the payment details, assumes the request is legit and processes the payment – sometimes hundreds of thousands of dollars – on the strength of faked DocuSign documents. And because the recipient is tricked into authorizing the transaction, it’s extremely difficult to retrieve the funds.
Hackers can also scoop up private information about upcoming mergers and financials, proprietary client lists and other sensitive data and use it to blackmail a company or demand ransom.
We’ve published articles in the past about business email compromise and why software, training and insurance are so important, but here’s a refresher on what to look for:
- Check the sender's email address: Authentic DocuSign emails come from the docusign.net or docusign.com domains. Look at the actual address, not just the display name, and be wary of extra letters or variations (e.g., docusigns.net, docyousign.com) or a real-looking name tacked onto a longer domain.
- Watch for impersonal greetings, attachments and a false sense of urgency: Phishing emails frequently use generic salutations (e.g., Dear Sir), whereas legitimate DocuSign emails address you by name. They often urge you to act quickly. And legitimate DocuSign emails do not contain attachments of any kind.
- Verify the security code format: DocuSign security codes are long and complex, like EA66FBAC95CF4117A479D27AFB9A85F01. Short or simple codes likely indicate a phishing attempt. Safer still, don't click the link in the email at all: go to docusign.com yourself and enter the security code under Access Documents to open the envelope.
- Confirm payment changes out of band: In the account-takeover scheme described above, the email really does come from DocuSign and the sender really is your partner's account, so none of the checks above will catch it. Before sending funds to a new or changed account, call the partner at a phone number you already have on file, never one given in the email or the document.
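The checklist above can be turned into a small screening script for an inbound message. The following is an added example, not code from DocuSign or from this bank: it parses the From header with Python's standard email library, compares the registrable domain against docusign.net and docusign.com (taken from the checklist), and then looks for the other indicators. The greeting and urgency phrase lists, the rule that a real security code is a run of at least 32 hexadecimal characters, and the two sample messages are assumptions constructed for illustration.

```python
"""Score an email against the DocuSign phishing indicators in the checklist above.

Added illustration, not code from DocuSign or from the bank. The allow-listed
sender domains come from the checklist; the phrase lists, the hex-code rule and
the two sample messages are assumptions constructed for this example.
"""
import re
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT_DOMAINS = {"docusign.net", "docusign.com"}
GENERIC_GREETINGS = ("dear sir", "dear madam", "dear customer", "dear user", "hello,")
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended")
# Assumption: a genuine code is a long run of hex digits (a GUID without dashes).
SECURITY_CODE_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


def registrable_domain(addr: str) -> str:
    """Last two DNS labels of the address's host part, lower-cased.

    'mail.docusign.net' -> 'docusign.net'; 'docusign.net.evil.com' -> 'evil.com'.
    Simplification: production code should consult the public suffix list so
    that hosts under e.g. 'co.uk' are handled correctly.
    """
    host = addr.rpartition("@")[2].lower()
    labels = [label for label in host.split(".") if label]
    return ".".join(labels[-2:])


def docusign_red_flags(msg: EmailMessage) -> list[str]:
    """Return human-readable red flags; an empty list means nothing tripped."""
    flags = []
    display_name, addr = parseaddr(str(msg.get("From", "")))
    domain = registrable_domain(addr)
    if domain not in LEGIT_DOMAINS:
        flags.append(f"sender domain {domain!r} is not docusign.net or docusign.com")
    if "docusign" in display_name.lower() and domain not in LEGIT_DOMAINS:
        flags.append("display name says DocuSign but the address does not")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    first_line = next((ln for ln in body.splitlines() if ln.strip()), "").lower()
    if first_line.startswith(GENERIC_GREETINGS):
        flags.append(f"generic greeting: {first_line.strip()!r}")
    hits = [p for p in URGENCY_PHRASES if p in body.lower()]
    if hits:
        flags.append(f"urgency language: {hits}")
    if not SECURITY_CODE_RE.search(body):
        flags.append("no long hexadecimal security code in the body")
    if any(True for _ in msg.iter_attachments()):
        flags.append("message carries an attachment")
    return flags


def build_sample(from_header: str, subject: str, body: str, attach: bool = False) -> EmailMessage:
    """Build a constructed sample message (not a real DocuSign email)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "accounts.payable@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach:
        msg.add_attachment(b"%PDF-1.4 not a real invoice", maintype="application",
                           subtype="pdf", filename="invoice.pdf")
    return msg


# Constructed samples: one that passes the checklist, one that trips every item.
SAMPLE_LEGIT = build_sample(
    "Acme Corp via DocuSign <dse@docusign.net>",
    "Please DocuSign: Master Services Agreement",
    "Hi Jordan Lee,\n\nAcme Corp sent you a document to review and sign.\n"
    "Security Code: 0F3A9C2B7E4D41C89A6B5D2E1F0C7B3A\n",
)
SAMPLE_PHISH = build_sample(
    "DocuSign <notify@docusigns.net>",
    "URGENT: Signature required",
    "Dear Sir,\n\nYour pending contract must be signed immediately or the "
    "agreement will be cancelled.\nSecurity Code: DS-4821\n",
    attach=True,
)

if __name__ == "__main__":
    for name, sample in (("legit", SAMPLE_LEGIT), ("phish", SAMPLE_PHISH)):
        print(name, docusign_red_flags(sample) or ["no red flags"])
```

Note what the script cannot do: the phishing sample trips all six checks, but a message sent from a partner's compromised DocuSign account would pass every one of them, which is why the out-of-band phone call before any change of payment instructions is the check that matters most.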