There’s a very convincing email scam circulating at the moment, and it’s luring many professionals into giving away their email passwords with fake DocuSign requests. If you receive it, DELETE IMMEDIATELY, and call the sender to let them know their email has been hacked.
The scam states that someone you know has sent a PDF, and the email appears to be a DocuSign document. Here are two examples of how the email might look:
If you’re savvy enough to check the email headers, the headers will confirm that this email really was sent from a legitimate email address. So, there’s no clear evidence that it’s a fake DocuSign request.
If you click the link in the email, it takes you to a “log in” window that also looks quite legitimate:
There, you enter your email credentials, and voilà! The scammer has everything they need for free and easy access to your email account. From there, they can sell your email credentials, use your address to send fake DocuSign requests to others, and even gain access to your other online accounts (including bank accounts) by searching your mail for other passwords and using websites’ “forgot password” features.
The scam doesn’t end there. Once the scammers have access to your email, their software goes in and starts sending fake DocuSign requests carrying the same phishing scam to everyone in your address book. It then covers its tracks by automatically deleting all the emails it sent. (With most mail providers, though, you can still find these sent messages in the deleted folder.) To add insult to injury, the software also sets up an automatic email reply, so if a person replies to the fake DocuSign email sent from your account, they get a message confirming that the email is legitimate!
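The three behaviours described above (one subject sent to many contacts, the sent copies deleted right away, and a new automatic reply) can be checked for together in a mailbox activity log. The following is an added example, not part of the original article: the events are constructed, and the field names and thresholds are assumptions rather than any mail provider's real log schema.

```python
from collections import defaultdict

# Constructed sample audit events; field names are hypothetical,
# not any mail provider's real log schema. "t" is seconds.
EVENTS = [
    {"t": 0,   "action": "send",   "id": "m1", "subject": "Quarterly report", "to": "boss@example.com"},
    {"t": 100, "action": "send",   "id": "m2", "subject": "Please DocuSign: Invoice.pdf", "to": "ann@example.com"},
    {"t": 101, "action": "send",   "id": "m3", "subject": "Please DocuSign: Invoice.pdf", "to": "bob@example.com"},
    {"t": 102, "action": "send",   "id": "m4", "subject": "Please DocuSign: Invoice.pdf", "to": "cy@example.com"},
    {"t": 105, "action": "delete", "id": "m2"},
    {"t": 105, "action": "delete", "id": "m3"},
    {"t": 106, "action": "delete", "id": "m4"},
    {"t": 110, "action": "set_auto_reply", "text": "Yes, the document is legitimate."},
    {"t": 900, "action": "delete", "id": "m1"},
]

def find_compromise_signs(events, min_recipients=3, delete_window=60):
    """Report mass mailings whose sent copies were quickly deleted, plus auto-replies."""
    sent = {}                       # message id -> send event
    by_subject = defaultdict(list)  # subject -> send events
    deleted_fast = set()            # ids deleted within delete_window of sending
    auto_replies = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["action"] == "send":
            sent[ev["id"]] = ev
            by_subject[ev["subject"]].append(ev)
        elif ev["action"] == "delete" and ev["id"] in sent:
            if ev["t"] - sent[ev["id"]]["t"] <= delete_window:
                deleted_fast.add(ev["id"])
        elif ev["action"] == "set_auto_reply":
            auto_replies.append(ev["text"])
    blasts = []
    for subject, msgs in by_subject.items():
        recipients = {m["to"] for m in msgs}
        if len(recipients) < min_recipients:
            continue                # ordinary one-off mail, not a mass mailing
        purged = [m["id"] for m in msgs if m["id"] in deleted_fast]
        blasts.append({"subject": subject, "recipients": sorted(recipients),
                       "purged_ids": purged, "all_purged": len(purged) == len(msgs)})
    return {"blasts": blasts, "auto_replies": auto_replies}

if __name__ == "__main__":
    report = find_compromise_signs(EVENTS)
    for blast in report["blasts"]:
        print(blast)
    print("auto-replies set:", report["auto_replies"])
```

A mass mailing with `all_purged` set, combined with an auto-reply nobody remembers creating, matches the pattern this scam leaves behind; any one of the signals alone is much weaker.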
If your email becomes infected, the first thing to do is change your email password. Be sure to use a strong password: one that you don’t use anywhere else, that includes numbers, letters, symbols, uppercase and lowercase, and that isn’t a real word. Then, feel free to contact Skepsis for additional help managing the fallout and securing your email going forward.