Alert: Phishing Campaign Observed, November 6, 2024

Docusign has observed phishing activity where bad actors are abusing Docusign APIs to send fake invoices (Norton, PayPal) that appear authentic. While, in the interest of security, we don’t disclose specifics that could alert bad actors to our prevention tactics, Docusign has a number of capabilities, technical systems and teams in place to help prevent misuse of our services. 

Activity matching this campaign can be reported to Docusign through our Report Abuse feature or directly through our online web portal i-Sight. As a reminder, do not click on any email or attachment links from unknown or untrusted senders. See the Security Incident Reporting page, How Docusign Users Can Spot, Avoid and Report Fraud, and Tools to Protect Your Data From Phishing for more information.