E-Sign of the Times: Signature Scams

This year has seen many changes to the technology we use to stay connected, as so many have had to work from home. Zoom meetings have replaced conference room gatherings, companies have scrambled to get employees connected from home … and every single change has presented new opportunities for hackers and phishers.

Now joining that list are electronic signing services like DocuSign. Again, usage is up because e-signing is an effective alternative to meeting in person. And that presents yet another opportunity for the bad guys.

DocuSign, in fact, recently released a statement detailing several new phishing scams where cybercriminals attempt to fool users by requesting an electronic signature. These emails appear to be from DocuSign, and urge the user to either click a link (which then downloads ransomware or other malware) or to enter their personal information, setting themselves up for identity theft.

It’s easy enough to flag a signature request from a stranger, but scammers have long since figured out how to access a user’s contacts, so these may appear to be legitimate requests. How can you spot a phishing attempt?

  • If you weren’t expecting a request to sign a document, that’s a big red flag. Even if the person requesting the signature appears to be a legitimate business contact, confirm by phone before proceeding.
  • Before you click on any link or button, hover your cursor over it for a moment. Look for a little pop-up (Outlook) or look down in the lower left-hand corner of your browser window (Gmail) to see where the link is actually pointing. Read carefully … we just saw one from “Faceboook.com” (with an extra ‘o’).
  • Read the whole email and consider the spelling, grammar and syntax. Many phishing schemes, but not all, originate overseas. Spelling errors and text that just doesn’t sound natural are hallmarks of phishing scams.

If you have any doubt at all, don’t click and don’t reply. Anyone legitimately requesting your signature will follow up to find out why you haven’t completed the process.

Questions about cybersecurity or cyber liability coverage? Contact Consolidated Insurance.