Email from DocuSign could be a phishing scam

On May 15 DocuSign, an electronic signature technology used at Purdue, said a third party had broken into its system and stolen a list of customer and user email addresses, which resulted in a massive malware phishing attack.

Users were sent an email with the subject line “Completed: docusign.com – Wire Transfer Instructions for [recipient-name] Document Ready for Signature.” The email contained a link to a Microsoft Word document with malware.

If you receive a similar email or emails with the subject line “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature” forward them as an attachment to abuse@purdue.edu and then delete them from your computer. 

In a statement the company advised that emails may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.

If you’re unsure about the legitimacy of the email, you can access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email.

For additional information about how to spot a phishing scam, and free anti-virus software, check out the SecurePurdue website, http://www.purdue.edu/securepurdue.

Writer: Kirsten Gibson, technology writer, Information Technology at Purdue (ITaP), 765-494-8190, gibson33@purdue.edu

Last updated: May 17, 2017

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.