Take Care When Executing Electronically Signed Documents
A favorite phishing ploy is the use of fake DocuSign or other electronic signature emails which, when you click on the link to the document, download malware to your computer.
As with all emails that contain a link, you should always check where the link leads.
In most cases, a mouseover (hovering over the link with the pointer) will expose the actual link that will be executed. However, in a genuine DocuSign email for execution of an agreement, this is unhelpful, as the link does not contain the DocuSign domain or any other relevant information.
The only real clue is the return address – make sure it is from the DocuSign domain and address, which should be email@example.com.
Adobe’s is firstname.lastname@example.org. Each of the other signature services have their own, which will likely include the brand domain.
If you have any doubt, separately check the domain on the internet using a browser.
The Information and Business Technology group at Metz Lewis has years of experience in data privacy and security matters and is ready to have a conversation about the needs of your business.
This post was written by Barry Friedman