New Phishing Campaign Identified, November 3, 2023

DocuSign identified a new phishing campaign through improper use of DocuSign where bad actors are sending envelopes impersonating HR departments. Customers can report envelopes matching this activity to DocuSign using the Report Abuse link at the bottom of the envelope email notification. For additional reporting options and information, please see our Security Incident Reporting page.

Here are some email subject-line examples to look out for:

• New Employee Benefit and Compensation & Salary Increment for your Review

• New Benefit and Compensation

• HR Sent you a document

• EMPLOYEE BENEFIT POLICY

As a reminder, do not click on any email or attachment links from unknown or untrusted senders. Customers should continue their own due diligence, and identify and report suspicious activity, including fraud/illegal activity. Please note that DocuSign's Terms & Conditions restrict us from disclosing user data. This means we do not respond to complainants with the investigation status or outcome.