Skip to main content

May 12, 2021

DocuSign Ransomware Threat

Clinical Partners

If you receive an email that appears to be from DocuSign, please be aware there is a ransomware campaign sending fake emails made to look like DocuSign materials. If you click on “Sign Document” in the fake email, a malicious Word document will ask you to “disable protections.” If you do this, ransomware software is able to steal passwords from your network. Please follow these tips to protect yourself from malicious spam emails.

How can I tell if a DocuSign email is legitimate?

All legitimate DocuSign emails (also called envelopes) come from “@docusign.net.” If the sender has a different email address, it is not legitimate.

What if I clicked on the “Sign Now” button?

Once you click the “Sign Now” button, a malicious Word document will try to convince you to “disable macros.” Do not disable macros. There is never a reason to disable macros, whether it’s a DocuSign or a Word/Excel document. Close out and delete the email.

What other steps can I take?

In addition to checking and confirming the sender’s email address, it is also wise to follow up with the sender to confirm the DocuSign email is valid.

For more information about phishing and spam emails from DocuSign, click here.

Leave a comment

A valid CentraCare.com or CarrisHealth.com email address is required to post a comment. Your email address will not be shared publicly.