Everything On DocuSign Phishing Attacks in 3 Minutes
- by Brittany Day

How A DocuSign Phishing Scam Works
Threat actors are upping their attack game in Microsoft 365 - employing sophisticated tactics such as impersonating DocuSign email notifications to steal employees’ credentials, which can be used to access important business documents. In such an attack, a user receives a fraudulent email mimicking the content seen in legitimate emails sent by Docusign to notify a user that there is a document ready for them to review. The phony email contains a malicious payload link concealed in text and hosted via multiple redirects designed to confuse victims, and to bypass simple URL detection in emails that aren’t able to crawl numerous redirects. If a victim falls for such a scam, his or her DocuSign login credentials and business email account credentials, as well as any sensitive information stored on these accounts, are compromised.
Some Notable Stats
- According to the FBI, 30% of phishing attacks make it through existing systems and are opened by target users.
- Osterman Research reports that despite existing protection, 40% of Microsoft 365 users have experienced credential theft nevertheless.
- During the month of May of 2020 Guardian Digital EnGarde Cloud Email Security identified more phishing emails targeting cloud email users than in any month prior since the company’s inception in 1999.
How To Stay Safe in Microsoft 365
Implement a threat-ready, fully-managed cloud email security solution that seamlessly complements Microsoft’s insufficient default protection, providing the critical additional layers of security that Microsoft 365 lacks. Defense-in-depth is crucial in fortifying cloud email against today’s advanced threats.
We provide additional tips and advice for staying safe online while working remotely in a recent blog post.
The Bottom Line
With an increase in complex attacks targeting cloud email users, it is more critical than ever to ensure that remote workers are protected in Microsoft 365. Microsoft 365 default security alone is alarmingly insufficient in safeguarding users, and conventional security solutions are no longer able to keep pace with attackers' sophisticated tactics. A comprehensive, multi-layered approach to email security is needed to fortify Microsoft 365 email against DocuSign phishing scams and other emerging exploits.
Download our free eGuide to learn more about protecting users in Microsoft 365.
Must Read Blog Posts
- Demystifying Phishing Attacks: How to Protect Yourself in 2023
- What You Need to Know to Shield Your Business from Ransomware
- Shortcomings of Endpoint Security in Securing Business Email
- Microsoft 365 Email Security Limitations You Should Know in 2023
- Email Virus - Complete Guide to Email Viruses & Best Practices
- How Phishing Emails Bypass Microsoft 365 Default Security
Phishing Is Evolving
Latest Blog Articles
- 16 Business Communication Tips to Drive Engagement and Improve Relationships
- Critical Steps to Take When Your Content Is Being Shared or Sold Illegally
- How To Spot A DocuSign Scam Email
- What To Do If Your Business Email Gets Hacked
- Why Do Over 90% of Cyberattacks Begin with an Email?
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- Why Is Machine Learning (ML) Beneficial in Security?
- What Is a Cyberattack?
- Cyber Risk Is On the Rise: How To Ensure Preparedness
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry