Warning: ‘Review document’ email leads to a blank page

Posted by Akankasha Dewan on 26 July 2019 13:13:18 AEST

Australians are warned not to click a convincing fake ‘review document’ email which might contain a malicious payload.

First detected on Tuesday, the 23rd of July around noon (AEST), it appears the email is sent using a single compromised domain.

The email is presented as a pretty credible and well-crafted DocuSign fake notification. It informs recipients that ‘Unicoi State Park & Lodge’ has sent them a document. It asks recipients to review and e-sign the document in question. A button with a link is provided to do, titled ‘Review Document’. The recipient is also advised that ‘upon completion’, they with receive an email with a signed copy of ‘this Service Agreement’.

Unsuspecting recipients who click on the link are led to what is currently a blank page. However, it is important to note that malicious 3rd parties can use these links as a platform for future attacks. This page could potentially be used to host a malicious file download or phishing page.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

Cyber-criminals frequently exploit the branding of global companies like DocuSign.

The good reputation and familiarity of DocuSign makes them an attractive target, and since their service requires users to click a link to download files, they are a convenient trojan horse for malicious attacks. 

Several techniques have been employed in this particular email to look like a genuine notification, including the usage of high-quality graphical elements such as DocuSign’s brand colours. The inclusion of the mention of the ‘Service Agreement’ after the document has been signed is another tactic to make the email look legitimate. All this serves to elicit a more confident response from recipients who think they are, in fact, clicking on a legitimate link to review a document.

This email also attempts to intrigue; telling the recipient that a new document has arrived creates a sense of curiosity. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all