DocuSign Phishing Scam – How to Get Rid of it

This article explains how to remove the DocuSign Phishing Scam, which can be encountered via email messages.

The DocuSign phishing attack is the latest malicious tactic used to coerce computer users into entering their account credentials on a fake login page. Doing so can have very dangerous consequences and can lead to the system being infected with various malware. Our guide shows how potential targets can spot the scam and evade it.

Threat Summary

Name: DocuSign Phishing Scam
Type: Scam / Malware
Short Description: This scam uses harvested or stolen information about the users by posing as a legitimate service.
Symptoms: Displayed scam login pages.
Distribution Method: Via e-mail messages, redirects and browser hijackers.

DocuSign Phishing Scam – Overview

The security community has warned of a new threat: the DocuSign Phishing Scam. The hackers behind it have created a counterfeit site that poses as a legitimate login page for DocuSign, one of the leading electronic signature companies.

The practice makes use of two common tactics associated with this type of threat:

  • Domain Name — The hackers use a similar sounding domain name — dacusign.^net VS
  • Web Elements — The criminals have hijacked legitimate web elements that are used by the service.
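
As an added example (not code from the original article), a mail filter or web proxy can flag the lookalike-domain tactic above by comparing each link's host name against the real brand name. The trusted domain list, the edit threshold and the sample message are assumptions of this example, and it goes beyond the single `dacusign` case by also catching the brand name used as a subdomain or inside a longer label.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains your organisation accepts as genuine DocuSign hosts.
TRUSTED = {"docusign.com", "docusign.net"}
MAX_EDITS = 2  # a label this close to the brand name is treated as an imitation

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'trusted', 'lookalike' or 'unrelated' for a host name."""
    # Normalise, and undo defanging such as "dacusign.^net".
    labels = host.lower().rstrip(".").replace("^", "").split(".")
    # Simplification: the registrable domain is taken as the last two labels.
    if ".".join(labels[-2:]) in TRUSTED:
        return "trusted"
    brands = {d.split(".")[0] for d in TRUSTED}
    for label in labels:
        for brand in brands:
            if brand in label or edit_distance(label, brand) <= MAX_EDITS:
                return "lookalike"
    return "unrelated"

def scan_email(body):
    """Map every link host found in a message body to its verdict."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlsplit(u).hostname for u in urls}
    return {h: classify(h) for h in sorted(h for h in hosts if h)}

# Constructed sample message, not taken from a real campaign.
SAMPLE = """Your document is ready for signature.
Review: http://dacusign.net/
Help: https://www.docusign.net/
Mirror: https://docusign.account-verify.example/
Intranet: https://intranet.example.org/"""

if __name__ == "__main__":
    for host, verdict in scan_email(SAMPLE).items():
        print(f"{verdict:10} {host}")
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of phishing; short brand names need a lower threshold to avoid false positives.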

Users can receive the DocuSign phishing scam through email messages. They are sent in bulk distribution campaigns and may either display the scam message itself or contain long text-based body content that redirects to the constructed site. In most cases the messages will be sent via the spoofed domain. Another tactic would be to spoof other users and send the messages through them.

Still, the most popular method remains the site itself. Users can get redirected to it via malicious redirects and scripts. They come in various forms, most commonly disguised as pop-ups, banners, redirects and in-line hyperlinks. In many cases they can also make use of affiliate networks, and users can reach them via banners that can be found even on legitimate sites.

The criminals can also employ browser hijackers — they represent malicious web browser extensions that are usually spread on the plugin repositories and are advertised as useful additions. Most of them rely on fake developer credentials, false user reviews and elaborate descriptions. Once they are installed a common tactic is to reconfigure the browsers into redirecting to a hacker-controlled page.

The reason the DocuSign phishing scam is run against computer users is that the hackers can easily steal information. They have prepared a fake DocuSign login page that requests the victims' credentials (email address and password); if entered, these allow the criminal controllers to try them against additional services. The dangerous fact about the scam is that it allows the users to log in with other services:

  • Google
  • Facebook
  • Microsoft
  • Twitter
  • LinkedIn
  • Yahoo

While the scam seems to primarily attempt to harvest user data, it can have some very dangerous consequences. Apart from giving the hackers access to a primary account credential, this information can then be used by them to attempt to intrude into other accounts owned by the users.

A dangerous practice is the continued display of instructions to the victims. The hacker can lure them into downloading viruses of all kinds: Trojans, ransomware, worms and others. Another dangerous tactic is when the site loads scripts or plugins into the affected browsers. A possible scenario is the introduction of cryptocurrency miners to the victim hosts: they use the available system resources to carry out complex mathematical calculations. The results are reported to a server, and as a reward money is transferred to the criminal operators in the form of digital currency assets.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
