Campus members have reported recent phishing attempts impersonating DocuSign. The emails come from various senders and use different subject lines. If you receive an email matching the indicators below, the email is NOT legitimate.
Sender Email Address
The emails have been coming from random @gmx[.]com email addresses.
Sender Display Names
- DocuSign Assistance
- DocuSign Correspondence
- DocuSign Info
- DocuSign Notifications
- DocuSign Service
- DocuSign Sup
- DocuSign Support
- DocuSign Team
- DocuSign Team Member
- Support from DocuSign
Subject Lines
- RE: Attached are the correspondence to be filled out by you provided by DocuSign
- RE: Available are the file requiring your signature via the DocuSign application
- RE: Featured are the contract requiring your signature using DocuSign
- RE: Featured are the record ready for your signature delivered by DocuSign
- RE: Included are the publication intended for your signature via DocuSign
- RE: Included are the record for you to review and sign via the DocuSign application
- RE: Included are the report ready for your signature delivered by DocuSign
- RE: Listed are the manuscript to be signed by you delivered by DocuSign
- RE: Presented are the publication requiring your signature delivered by DocuSign
- RE: Shown are the correspondence awaiting your signature via DocuSign
- RE: Shown are the publication awaiting your signature via the DocuSign service
- RE: Shown are the record to be filled out by you via DocuSign
Example Phishing Email
Tips for Detection
- Legitimate emails from DocuSign will come from an @docusign.com or @docusign.net email address. Any email purporting to be DocuSign that does not originate from those addresses is almost certainly a phishing attempt. Notice that this email comes from an @gmx[.]com address.
- Legitimate DocuSign emails will have a unique security code. This allows you to go directly to DocuSign’s known website, docusign.com, click “Access Documents”, and enter the code.
- Always hover over the link to ensure it goes to a docusign.com website before clicking. If you clicked a link, look in the web address bar in your browser to confirm you are on a docusign.com website. Look out for fake websites such as docusigm[.]net or docusign[.]maliciousite[.]com.
- More info to identify imitation DocuSign emails: https://www.docusign.com/trust/security/incident-reporting and https://support.google.com/a/answer/14718541
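The sender and link checks from the tips above can be automated for mail triage. The following is an added example, not part of the original advisory; the function names, the sample local part and the URL paths are constructed for illustration, while the display name and defanged domains are the ones listed on this page.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the advisory names as legitimate for senders and for links.
SENDER_DOMAINS = {"docusign.com", "docusign.net"}
LINK_DOMAINS = {"docusign.com"}


def refang(text):
    """Turn defanged indicators such as gmx[.]com back into parseable form."""
    return text.replace("[.]", ".")


def in_domains(host, allowed):
    """True only for an allowed domain itself or a true subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_message(from_header, links):
    """Return a list of findings for a message that claims to be DocuSign."""
    findings = []
    display, address = parseaddr(refang(from_header))
    domain = address.rpartition("@")[2]
    if "docusign" in display.lower() and not in_domains(domain, SENDER_DOMAINS):
        findings.append(f"display name '{display}' but sender domain is {domain}")
    for link in links:
        # Compare the parsed hostname, not the raw URL text, so that
        # "docusign" appearing as a mere label of another domain is caught.
        host = urlsplit(refang(link)).hostname or ""
        if not in_domains(host, LINK_DOMAINS):
            findings.append(f"link host {host} is not under docusign.com")
    return findings


# Constructed samples: the local part and URL paths are made up; the display
# name, gmx[.]com and the two lookalike hosts are the ones this page lists.
SAMPLE_FROM = "DocuSign Support <example.user@gmx[.]com>"
SAMPLE_LINKS = [
    "https://docusigm[.]net/sign",
    "https://docusign[.]maliciousite[.]com/sign",
    "https://www.docusign.com/",
]

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_LINKS):
        print(finding)
```

An empty result only means these two checks passed; the From header can be forged, so it does not by itself show that a message is genuine.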