IMPORTANCE WARNING – DOCUSIGN EMAIL SCAM

Following on from the emergence over the weekend of a huge ‘ransomware’ attack which impacted over 150 countries, we have been made aware of another fake email scam targeting digital signature software DocuSign.

As users of this software, we are writing to make you aware of the fake emails, and assist you in identifying what is and isn’t an authentic email.

What is the scam?

This particular scam may appear quite realistic to Maxim clients who are users of DocuSign as the email header includes the words ‘accounting invoice’ and prompts the recipient to follow a link to enter their credit card details, or elect to defer payment and quote their ‘TaxID’. There is also the possibility that the links could expose the user to unwanted ransomware or malware.

How do identify an authentic DocuSign email from Maxim Accounting?  

First and foremost, if you are unsure at all of the authenticity of ANY email (eg. if you do not recognise the sender or the subject matter is not expected), do NOT open it. In particular, don’t open any attachments or click on any links.

Indicators of Authenticity:

1) Maxim will NEVER send you any Invoices via DocuSign – any reference to an ‘Accounting Invoice’ or any request for payment or personal information should be treated suspiciously.
2) Authentic Maxim DocuSign emails will only be sent from either the docusign.net or docusign.com domain (see highlighted sender below)
3) Authentic Maxim DocuSign emails will include the Maxim Accounting logo (circled below)
4) Authentic Maxim DocuSign emails will include a personalised message or signature from our staff (usually Katinka Smith, Amanda Prested, Rose Rimas or Marilyn Fermin)

Ultimately, if you have any doubts at all about the authenticity of any email purported to be sent by Maxim, please call our office on 49 25 1000.

SAMPLE OF AUTHENTIC MAXIM DOCUSIGN EMAIL

docusign_2.png

SAMPLE OF FAKE DOCUSIGN EMAIL

docusign_3.png

Is DocuSign safe?

DocuSign have published the following information on their website

‘DocuSign’s Incident Response team detected a sophisticated phishing attack targeting some DocuSign users. It misrepresented DocuSign’s brand in an attempt to trick recipients into clicking a link that installs malicious software. However, DocuSign’s core platform has not been hacked, and our customer data remains secure. While phishing campaigns like this are not uncommon, we want to ensure that DocuSign customers and users are best positioned to protect themselves, their systems and their data. Please visit the DocuSign Trust Site for more details – https://trust.docusign.com/en-us/personal-safeguards/

In short, the attack is not due to any compromise of any personal data, rather it is designed to trick recipients into clicking through or entering personal data, due to recognition with the DocuSign brand.

What do I do if I have received a suspicious email?

If you think that you have received a fraudulent email, DO NOT click on links or open attachments.
Contact Maxim on 49 251000 if you are unsure about whether the email is authentic.

If it is found not to be an authentic DocuSign email, you can forward it to DocuSign Security immediately at spam [at] docusign [dot] com and their security team will take further steps identify the source and prevent future phishing attacks.

Please check out the DocuSign Trust Center for the most up-to-date information about personal security and additional information about identifying a valid DocuSign Email notification.

X
Enter your Maxim Accounting and Business Advisors username.
Enter the password that accompanies your username.
To prevent automated spam submissions leave this field empty.
Loading