As of April 11, 2024, Docusign has a new look and feel, including a new logo. Please reference our Next Brand Chapter blog here for additional details.
Incident Reporting - Security Concerns
Trust is Docusign’s top priority, and reports of suspicious activity are taken seriously. It’s imperative that security concerns are shared with us so that issues are addressed promptly and appropriately.
Quick Reporting Guide
What happened? | What should I do? | More Details | Resources |
---|---|---|---|
I received a fake (spoofed) Docusign themed email notification. I want to report a domain or URL impersonating Docusign. | Send an email to Spam@docusign.com. | Tools to Protect Your Data From Phishing Protecting your organization against Docusign brand impersonation | |
I want to report a suspicious Docusign envelope I received. | Report the activity using Docusign's Report Abuse feature. | | |
I’m unsure if the activity I want to report is coming from Docusign | Send an email describing the activity or concern to | Other security concerns | |
I have a Docusign security concern not listed above. | |||
I have a request or concern regarding my personal data. | Submit a request through the Privacy Request Portal |
Types of security concerns
This page outlines the difference between imitation of Docusign via spoofing or impersonation used in phishing campaigns off platform and the improper use of Docusign customer accounts to commit fraud on platform — as well as the correct reporting channel for each.
Attempts to trick people into believing that emails are related to or from an actual Docusign customer account are imitation attempts. Conversely, concerns related to an actual Docusign customer account are considered fraud and improper use of our platform.
Imitation of Docusign
Our customers are the first line of defense against threats that imitate Docusign. Detecting cyber security issues quickly reduces the possibility of negative consequences. The information below explains how to detect cyber security threats via imitation (also called spoofing) and report them to Docusign’s information security team for investigation.
Dedicated threat reporting channels
Docusign has dedicated reporting channels based on the type of threat:
Docusign-themed imitation emails and websites: If you think that you’ve received a fraudulent email purporting to come from Docusign, forward the entire email as an attachment to spam@docusign.com and delete it immediately. If you identify a website imitation of Docusign, please copy and paste the URL into an email to spam@docusign.com for investigation.
Other security incidents and Docusign-themed threats for investigation: new cybersecurity threats occur regularly. To support Docusign information security and threat intelligence, report security incidents and Docusign platform threats to security@docusign.com.
Guidelines for identifying imitation emails and websites
If you don’t recognize the sender of a Docusign envelope and are uncertain of the email’s authenticity, look for the unique security code in the bottom portion of the Docusign envelope notification email. If you don’t see the security code, don’t click on any links or open any attachments. Review our Combating Phishing white paper to learn more.
Image caption: Example of fake email address, old logo and imitation URL
Signs of imitation emails and websites
Imitation links
Avoid imitation links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the Docusign notification email.
Always check where a link goes before clicking by hovering your mouse over the link to review the URL (it should be hosted on docusign.com or docusign.net). An imitation link is dangerous and can:
Direct you to an imitation website that tries to collect your personal data
Install spyware (which can enable a hacker to monitor your actions and steal login credentials) on your system
Cause you to download a virus that could disable your computer
Imitation sender email address
Imitation emails may include a forged email address in the "From" field, which is easily altered. If you don’t recognize the sender of a Docusign envelope or weren't expecting one, contact the sender through communication channels outside of email to verify its authenticity.
Attachments
Docusign emails that request you to sign a document never contain attachments. Don’t open or click them within an email requesting your signature. Docusign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it’s a valid PDF file. Docusign never attaches zip files, HTML files, or executables.
Generic greetings
Many imitation emails begin with a generic greeting like “Dear Docusign Customer.” If you don’t see your name in the salutation, be suspicious and don’t click on any links or attachments. Conversely, also be aware of highly personalized emails, especially if you do not know the sender or were not expecting the communication.
False sense of urgency
Many imitation emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. As it relates to Docusign, they might claim that unauthorized transactions have occurred on your account and it's imperative that you update your account information immediately.
Emails that appear to be websites
Some imitation emails are made to look like Docusign or other websites to get you to enter personal information. Docusign never asks you for personal information, such as login credentials, via email.
Deceptive URLs
Just because the address looks OK, don't assume you are on a legitimate site. Look in your browser's URL bar for signs that you may be on a phishing site:
Often the address of a phishing site deviates slightly from its legitimate counterpart: for instance, it might say docusing.com instead of docusign.com
Your browser can detect certain types of malicious sites—always pay heed to its warnings, especially when it notifies you that a site or certificate can’t be trusted.
Misspellings and bad grammar
While no one is perfect, imitation emails are often rife with bad grammar and misspellings. The errors could be intentional; such mistakes help fraudsters avoid spam filters.
Unsafe sites
The term "https" should always precede any website that requests personal information (the "s" stands for secure). If you don't see "https," you're not in a secure Web session, and shouldn’t enter any personal data. A legitimate Docusign sign-in page address always starts with “https://.”
Pop-up boxes
Docusign never uses a pop-up box in an email, because they aren’t secure.
Improper use of Docusign
Overview
Reports of customers violating Docusign’s Terms & Conditions are investigated as needed. This section outlines how to identify improper use of Docusign, how to report it, other pertinent information and additional resources.
As technology continues to advance and more companies shift to a digital environment, so do fraudsters. The rising trend means they may leverage Docusign’s reputation and trust to target unsuspecting victims. They are creative at finding ways to appear legitimate on the surface, which means fraudulent activity can even occur through a valid Docusign account. That’s why it’s important to exercise due diligence before providing sensitive information or sending money to anyone by any means.
If you believe you are a victim of fraud or suspect fraud on our platform, please read the following information and report it to Docusign.
What to report as improper use of Docusign
A customer suspected of fraud or illegal activity can be reported to Docusign if they are in violation of Docusign sites and services terms and conditions.
How to identify an email coming from a valid Docusign customer account
Docusign customer envelope notification emails will always come from an @docusign.net email address, and most will contain a 32-character security code in the bottom portion of the email under the “Alternate Signing Method” section as shown in the image below.
If you are suspicious of a Docusign envelope's authenticity, we recommend you access the envelope directly from docusign.com. For more information, visit our Alternative Signing Method Security Code Access page.
All Docusign envelope email notifications contain a link that takes you to the Docusign site to review the document. To review and verify that the link is directing you to a Docusign site, hover over it without clicking on it (see below). A Docusign site link will begin with “https://www.docusign.net”. The link may also include a prefix of one of our other server designations "na2", "na3", "na4", "au", "ca", "eu" or demo (e.g. https://na2.docusign.net).
IMPORTANT: Use caution when hovering over the link to avoid clicking on it.
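The hover check described above can also be run on an email's HTML without touching the links. The following is an added example, not Docusign code: it pulls the real link targets out of a message body and tests each against the two domains this page names, and the function names, sample body and `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the page names as legitimate hosts for Docusign links.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")

def classify_link(url):
    """Return "ok" or the reason the link fails the page's hover check."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None:
        # https://www.docusign.net@other.example/ really goes to other.example
        return "text before '@' is not the host"
    # Exact match or a true subdomain (na2., eu., demo. ...); a plain
    # endswith("docusign.net") would also accept "notdocusign.net".
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "ok"
    return "host is not docusign.com or docusign.net"

class HrefCollector(HTMLParser):
    """Collect href targets, i.e. what hovering reveals, not the link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def audit_email_html(html):
    """Map each link target in an HTML email body to its verdict."""
    collector = HrefCollector()
    collector.feed(html)
    return {href: classify_link(href) for href in collector.hrefs}

# Constructed sample body: the visible text looks harmless in every case.
SAMPLE_HTML = """
<a href="https://na2.docusign.net/example-path">Review document</a>
<a href="https://docusing.com/login">https://www.docusign.net</a>
<a href="https://www.docusign.net.signin.example/">https://www.docusign.net</a>
<a href="http://www.docusign.net/example-path">https://www.docusign.net</a>
"""

if __name__ == "__main__":
    for href, verdict in audit_email_html(SAMPLE_HTML).items():
        print(f"{verdict:45} {href}")
```

A passing verdict only confirms where the link points; as the page notes, fraud can still come through a valid Docusign account.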
What to do if you received a suspicious envelope
Remain vigilant if a request is received from a sender you do not recognize or if you were not expecting documents sent via Docusign. Fraudsters use various scam tactics to lure people into providing sensitive information or money. See the section below on Trends, tactics, activity and themes for more information.
Always use caution when clicking on links, even from within a Docusign document. Bad actors may leverage our product to phish recipients or send embedded malware. We ask that malicious links sent through a valid Docusign envelope be reported to us immediately for investigation at security@docusign.com.
How to report
Report suspicious activity directly to Docusign through one of the following preferred methods:
In the signing experience choose Other Actions to access the Report Abuse feature.
From Report this email link found in the envelope email notification footer.
If you don’t have access to the envelope or envelope email notification you can submit a report directly through our online web portal i-Sight (https://docusign.i-sight.com/portal).
What information is collected and why
Docusign collects critical details about the activity to effectively investigate and mitigate fraud on our platform. The information helps identify the account holder, related envelope activity and serves as evidence supporting any necessary actions, such as closing an offending account.
What we ask for:
Your full name and contact information
Envelope ID or security code
Supporting documents (attachments, screenshots, forms, etc.)
Customer/sender name (business/individual) and email address
Any other known customer/sender identifiers (e.g. physical address, phone number, etc.)
Thorough description of what happened
Other pertinent information
Trends, tactics, activity and themes
Trends and tactics to watch out for:
Too good to be true prices or offers
Sight unseen rentals or sales
Tech support (pop-ups) or subscription renewal claiming affiliation to a well-known company
Loan offer or debt relief requiring upfront fees
Sense of urgency, harassment or threatening tactics
Job offers from businesses with little to no public information
Economic or hardship leveraging opportunities (e.g. pandemic, investment)
Be cautious of the following types of activity and themes:
Impersonation of an individual, business, financial institution, government or other organization
Elder exploitation
False affiliation claims
Improper solicitation of personally identifiable information (PII). Examples of PII include:
SSN or other national identification number
Date of Birth
Bank account number
Credit card number
Telephone number
Medical record number
Phishing/malware
Pyramid schemes
Prolific scams (employment, investment, lending, real estate, sales, tech support, travel, debt relief, etc.)
Please note that Docusign doesn't access envelope contents, even if authorized by the customer or recipient/complainant. Supporting evidence is often necessary to identify an offending account, substantiate the report and assess the severity of the violation. Evidence can be provided as a file attachment during the reporting process.
Follow-up report
How to provide more information
To provide additional information for a previously filed complaint, please return to the portal (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=Docusign) to complete a follow-up report. To ensure the new information is linked to the original report, please have the reference number that was originally provided to you.
Investigation status and updates
Our Terms & Conditions restrict us from disclosing user data. This means we do not respond to complainants with investigation status or outcomes.
Fraud specific alerts
What not to report as improper use of Docusign
Misaddressed email notifications
A misaddressed email is not a clear indication of fraudulent activity. If you receive an envelope email notification in error, follow the Decline to sign instructions. Gmail users, visit the Gmail Help Center for more information on why you may be receiving wayward envelopes.
Imitation Docusign email notification (non-customer activity)
Do not report imitation Docusign emails, including spoof or look-alike emails, as improper use of Docusign. Scammers may create look-alike email addresses/domains (e.g., docu-sign.com, docus1gn.com, docusigh.com, etc.) in an attempt to impersonate Docusign emails. Avoid imitation links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the Docusign notification email. To report imitation of Docusign, forward the email as an attachment to spam@docusign.com.
Additional resources
Docusign
Report crimes
Docusign will not contact law enforcement on behalf of a potential victim. If you believe a crime was committed, report it to the appropriate authorities. Review the links below for some larger government agencies you should report to in addition to local law enforcement (city/state/province). If you are unsure, contact your local authorities for additional guidance.
United States (US) | |
Internet fraud or cyber crime (including spoofing and phishing) | |
Scams, fraudulent businesses or unwanted calls | |
Identity theft (visit the Identity Theft webpage for more information) | |
Non-US | |
International scams | |
Fraud and cyber crimes | |
Financial fraud scams (unauthorized firm or individual) |