Email Security Threat: You Shouldn't Open or Sign that DocuSign

Certain times of year bring higher levels of specific scams. For example, after a natural disaster, emails claiming to help those affected fill our inboxes, and many of them are scams. Since we are in the heat of tax season, many of the recent email scams relate to digitally signing documents. DocuSign is a commonly used service that lets multiple parties sign a document digitally in far less time than gathering everyone together or mailing documents would take.

Here is an example of some of the recent scam emails I have received, all related to digital document signing, and all of which, of course, include hyperlinks.

This blog post discusses the email security threat posed by emails claiming to link to a DocuSign document, or to any other digital document awaiting a signature.

The example image above shows some of the different emails received over the last couple of weeks that did not land in my Junk folder. Each of them is about signing a digital document, after clicking a link to who knows where, of course. Without opening them, there is no way to know whether clicking the links would lead to a page asking for credentials or private information, or would spawn a hidden installer for a piece of malware.

Here is some important information about why these scams work and what you can do to protect yourself.

Why this specific scam can be effective

Digital document companies exist and are used all the time by businesses and individuals. Anyone can receive an email from one of these companies with a legitimate request to digitally sign a document; the recipient does not need to be a customer. Because digital document signing can be used by anyone, everyone is a potential target.

Contrast this with spam emails about a particular bank or media company: if you are not a customer, you would never dream of opening the email.

Additionally, digital document signing companies never send the document itself in the email, as attaching it can be less secure. Instead, they include a link to access the document through their interface. This also makes it easier for users to sign, as the application walks you through where you need to sign and lets you choose a digital signature. This is much cleaner than having users download a document, figure out how to sign and scan it or add a digital signature, and then upload it again.

Unfortunately, this also means users receiving scam emails about digital documents expect to click a link to an external website, because that is how these sites legitimately work.

What you can do to protect yourself

There are several things you can do to protect yourself from these scams. First, ask whether you are expecting an email of this type. Have you entered into any contracts, work or agreements that would cause you to receive a document needing your signature? In my case, considering the sheer number of emails received on this topic, it is obvious these are scams and not legitimate requests.

Second, if you are expecting to sign a document digitally, confirm with the sender when you should expect the request, to reduce your exposure. Additionally, ask that a follow-up email, call or message be sent to you once the request has gone out, so you know the request is legitimate.

Third, and possibly most importantly, check the information in the email carefully before clicking any links in it. Verify whether the sender address actually belongs to the company the email claims to be from. Check for incorrect logos, artificial urgency, spelling mistakes, and other sloppiness such as unusual buttons or information.

Below are some examples of what the email content looks like and how we knew they were scams:

In this example you can clearly see the email claims to be from DocuSign, but that is not the sender domain.

In this example, efforts are made to make the email seem legitimate, but the sender address was spoofed so that the email appears to have been sent internally.

In this example, the email claims to be from DocuSign, but the sending domain does not match. Additionally, the logo dimensions are wrong, and there is no padding around the text in the button carrying the external link.

As the examples show, while there are many mistakes, there is often also an effort to mimic the standards the impersonated business would follow. In particular, there is often information at the bottom whose sole purpose is to convince you the email is legitimate and can be trusted.
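The sender-domain check described above, turned into a small triage script as an added example (not part of the original post): it parses a raw message, compares the brand named in the display name or subject against an allow-list of that brand's sending domains, reads the SPF/DKIM/DMARC results the receiving mail server recorded in Authentication-Results, and lists the domains the links point to. The allow-list and the sample message are constructed assumptions, not data from the post.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Assumed allow-list of sending domains per brand (not from the original post);
# confirm against the vendor's own published sender list before relying on it.
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}

def in_brand_domains(host, brand):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in BRAND_DOMAINS[brand])

def auth_failures(msg):
    """SPF/DKIM/DMARC results other than 'pass' recorded by the receiving server."""
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return [f"{m.lower()}={r.lower()}" for m, r in
            re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I) if r.lower() != "pass"]

def link_domains(msg):
    """Host part of every http(s) link in the body (HTML part preferred)."""
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    return sorted({d.lower() for d in re.findall(r"https?://([^/\s\"'>]+)", content)})

def triage(raw_bytes):
    """Return the red flags found in a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Brand the mail presents itself as, taken from the display name or subject
    shown = f"{name} {msg.get('Subject', '')}".lower()
    brand = next((b for b in BRAND_DOMAINS if b in shown), None)
    flags = auth_failures(msg)
    if brand and not in_brand_domains(domain, brand):
        flags.insert(0, f"claims {brand} but sent from {domain}")
    for d in link_domains(msg):
        if brand and not in_brand_domains(d, brand):
            flags.append(f"link to non-{brand} domain {d}")
    return flags

# Constructed sample, not a real message: claims DocuSign, mismatched sender, failed auth.
SAMPLE = b"""From: "DocuSign" <notify@example-signatures.test>
Subject: Completed: Please review and sign your document
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example-signatures.test; dkim=none; dmarc=fail
Content-Type: text/html

<html><body><a href="https://sign.example-signatures.test/view?id=1">REVIEW DOCUMENT</a></body></html>
"""
```

Running `triage(SAMPLE)` on the constructed message returns five flags: the brand/sender mismatch, the three failed authentication results, and the off-brand link domain.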

Email scams are not new, nor are they going anywhere anytime soon. Scam emails about signing digital documents have recently increased in frequency. Before opening such an email, consider whether you are expecting to sign a document. If you are, verify when you should expect it. Lastly, double-check the actual sender address and look for the other mistakes commonly made in scam emails before ever clicking the link. If you have any reservations at all, delete the email.

As always, knowing what kinds of scams are out there and how they work is the best way to protect yourself.