Docusign phishing scam: keep your account safe
News
Posted on Tuesday 24 June 2025
Staff have received phishing emails which appear to be from DocuSign. Anyone could be targeted - find out how to protect yourself.

We're seeing a rise in phishing emails impersonating DocuSign with fake requests to sign contracts or orders, pay invoices or complete other similar activities. Everyone is at risk, and those in financial or executive roles are particularly likely to be targeted.
These scams are designed to steal usernames, passwords and MFA sessions, so it's important to be vigilant.
The emails often claim to come from an organisation's billing department. They include a link which, if you click on it, takes you to a login page and asks you to enter your username and password. You should not do this.
What we're doing
- At the request of the University Executive Board, we’ll be rolling out a new MetaCompliance training module to raise awareness of this ongoing threat to the University. The training will include an example of how these emails look.
- We encourage you all to remember that your inbox is a potential vulnerability. Always ensure that senders are genuine before following any links or opening any attachments.
- We encourage you to use your managed device for all University work wherever possible. We have deployed CrowdStrike to all managed devices as our last line of defence against such attacks. In many cases, this will detect and prevent malicious activity on your device, but this cannot be guaranteed, so your care and attention are still vital.
What you can do
- Think about what’s a usual part of your role. If you’re asked to do something that you would not normally do (such as paying an invoice or signing a contract), this is a red flag and should make you question the authenticity of the sender/request.
- If you do regularly perform these actions, be aware that this is a common attack route designed specifically to exploit your position. Be extra vigilant in ensuring senders are genuine and that you can verify the legitimacy of the request independently.
- Discuss these common attack routes with your colleagues and in your team meetings and encourage each other to be aware of the risks of inbound email.
- If you’re unsure, don't click. Remember, you can always query these things with IT Services whenever you need help.
If you have any questions, contact IT Services.