Phishing scam using Docusign

Fraudsters have continued their phishing efforts recently targeting UIndy accounts with bogus emails mimicking Docusign for PayPal transactions. These are NOT real. They are just trying to get your personally identifiable information (PII). 

DO NOT engage in email exchanges, give money or accept their checks, give passwords, gift cards, or any personal information.  Report these emails as phishing in your email account.  If you have given them money or banking information, contact your bank ASAP.  Questions? Contact UIndyIT at [email protected].

How to identify scam

Here are some specific red flags to recognize in this phishing email:

  1. Financial transactions to/ from someone or some place that you don't recognize
  2. Sense of urgency
  3. Email address using multiple periods in their email address name
    1. This is a practice to obfuscate an email address and/or bypass any spam filters that might have caught their true email address 
  4. Paypal has its own notification system and ways to sign documents; not Docusign
  5. In the body of the email, there is no mention about signing a document (which is what Docusign is used for).
Depicts Docusign phishing scam email

What to do if you suspect a scam or have been scammed

  • If you are unsure or believe something is fraudulent, forward the email to IT Help Desk ([email protected]).
  • If you have already sent money, contact your bank or credit card company right away to close the account or dispute the charges.  Then, contact UIPD ([email protected]).