Phishing Alert – DocuSign Email
The college is experiencing a persistent phishing attack by threat actors impersonating DocuSign. While most of the emails have been blocked by our security systems, a few have made it through.
The fraudulent emails are designed to steal your credentials; it is important to note that DocuSign does not require you to enter your College credentials to sign a document.
How To Spot The Phish
A few simple techniques can help you spot the difference between a DocuSign phishing email and the real thing:
- Hover over all embedded links: URLs to view or sign DocuSign documents contain “docusign.net” and always start with “https”.
- Access the documents directly from www.docusign.com by entering the unique security code found at the bottom of every DocuSign email.
- Don’t open unknown or suspicious attachments or click links—DocuSign will never ask you to open a PDF, office document or zip file in an email.
- Look for misspellings, poor grammar, generic greetings, a false sense of urgency and/or a demand.
Contact the sender offline to verify the email’s authenticity.
Important: If you are not expecting electronic documents for your signature, be suspicious that it’s a phishing attempt.
Report Suspicious Emails
If you receive an email that just doesn’t seem right – report it to IPC using the report phishing button in Outlook, or forward the email to phishbowl@rrc.ca .
Thank you
Information Protection & Compliance, Office of the CIO