Alert: Phishing Campaign Observed, December 13, 2024

Docusign has observed an uptick in phishing campaigns in which bad actors try to lure recipients into taking action by pretending to be from HR and payroll departments, as well as various municipalities.

Examples of envelope content include:

• "City of <city name>"

• “Complete with Docusign: Payroll Summary.pdf”

• “Complete with Docusign: Remittance Advice.pdf”

• “<current Date>: <company name> US Employee Benefit Remittance and Payroll Review Approval.pdf”

• “Portfolio Purchase Agreement Approved. Kindly review and sign.”

The emails sometimes contain a QR code leading to a phishing page, and the envelope itself may contain another malicious QR code or URL. The phishing page will attempt to capture usernames and passwords with a fake login prompt.

Activity matching this campaign can be reported to Docusign through our Report Abuse feature or directly through our online web portal i-Sight. As a reminder, do not click on any email or attachment links from unknown or untrusted senders. See the Security Incident Reporting page, How Docusign Users Can Spot, Avoid and Report Fraud, and Tools to Protect Your Data From Phishing for more information.