Daniel McShanag 21 September 2018 10:30:42 AEST 1 MIN READ

DocuSign brand spoofed in latest email brandjacking

Keep an eye out for the latest DocuSign email scam that was circulating Wednesday (AEST). Masquerading as a credit application, the subjects generally relate to a ‘Credit Card Application’ or a ‘Loan Application.’

The simple HTML email requests asks recipients to ‘Review your document’ and click the link to ‘Sign your file here.’


The link in the email actually takes you to a malicious ‘Invoice.doc’ hosted on GoogleDrive. Despite being a small targeted run, the use of the DocuSign branding is authentic in appearance and may trick unsuspecting and curious recipients.

In the emails intercepted by MailGuard, the sender(s) appear to be random.

Cyber-criminals frequently exploit the branding of global companies like DocuSign, such as in thise attack reported earlier this year: https://www.mailguard.com.au/blog/brandjacked-docusign-180326  

The good reputation and familiarity of DocuSign makes them an attractive target, and since their service requires users to click a link to download files, they are a convenient trojan horse for malicious attacks. 

For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates. 

Keep Informed with Weekly Updates