Docusign has observed new hybrid phishing activity where bad actors use an external email forwarding service to forward single maliciously crafted envelopes to large lists of recipients. The malicious emails appear to originate from Docusign and impersonate well known companies (e.g. Geek Squad, PayPal, Norton), but are actually being sent by a forwarding service. 

Activity matching this campaign can be reported directly to Docusign through our online web portal i-Sight. As a reminder, do not click on any email or attachment links from unknown or untrusted senders. See the Security Incident Reporting page for more information.