14:17 PM

DocuSign Phishing Scheme

Today we are seeing a phishing scheme in which there is a fake message from “DocuSign,” asking you to review a document. This message is a phishing scheme designed to capture your credentials and/or deliver malware. The actual sending address is from “@docusgn.com” instead of “@docusign.com”. If you hover over the “review document” link (which you should always do!), you’ll see that you’ll be visiting a website in Russia.

We have posted an example of this message along with an example of an actual DocuSign notice on the campus InfoSec website.


In some cases, Microsoft “quarantined” this message but the user, thinking it was an error, opened the message. Please use extreme caution when accessing quarantined messages.

Feel free to contact abuse@csusm.edu if you think a quarantined message may be a) quarantined in error and b) important.

Also, contact us right away if you received the phishing message and clicked the link.