Scammers are using fake DocuSign emails to steal personal information by impersonating trusted organizations.

Key points

• The Tactic: Criminals send emails that look like legitimate DocuSign requests, often claiming you need to renew a professional license or sign an urgent contract.
• The Goal: Clicking the link in these emails often leads to fake login pages designed to steal your email credentials or prompts you to download malicious software.
• Spotting the Fraud: Always check the sender’s email address for suspicious domains (like foreign academic addresses) and be wary of unexpected requests that create a false sense of urgency.
• Safe Practices: Instead of clicking links in emails, log in directly to the official DocuSign website to check for pending documents, or verify the request by contacting the sender through a known, official phone number.
• Report It: If you receive a suspicious email, do not click anything; report it to your organization’s security team or the Federal Trade Commission at ReportFraud.ftc.gov.

Because digital signatures are a routine part of modern life, it is easy to click without thinking, which gives hackers an easy path to hijack your accounts and access sensitive personal or professional data. Taking a few seconds to verify the source of an email can prevent a major security breach.