Phishing Alert – DocuSign Email

The college is experiencing a persistent phishing attack by threat actors impersonating DocuSign. While most of the emails have been blocked by our security systems, a few have made it through.

The fraudulent emails are designed to steal your credentials; it is important to note that DocuSign does not require you to enter your College credentials to sign a document.

How To Spot The Phish

A few simple techniques can help you spot the difference between a DocuSign phishing email and the real thing:

• Hover over all embedded links: URLs to view or sign DocuSign documents contain “docusign.net” and always start with “https”.
• Access the documents directly from www.docusign.com by entering the unique security code found at the bottom of every DocuSign email.
• Don’t open unknown or suspicious attachments or click links—DocuSign will never ask you to open a PDF, office document or zip file in an email.
• Look for misspellings, poor grammar, generic greetings, a false sense of urgency and/or a demand.
  Contact the sender offline to verify the email’s authenticity.

Important: If you are not expecting electronic documents for your signature, be suspicious that it’s a phishing attempt.

Report Suspicious Emails

If you receive an email that just doesn’t seem right – report it to IPC using the report phishing button in Outlook, or forward the email to phishbowl@rrc.ca .

Thank you

Information Protection & Compliance, Office of the CIO