DocuSign Professionals that use DocuSign should beware of an active phishing campaign looking to infect their computer with a data-stealing Trojan, warns antivirus firm Bitdefender.

Did you know “secure doc” email are one of the hardest types email for the average user to identify if it’s real or a “phish”?

The phishing email  example below has been carefully crafted to appear as if it were a legitimate notice sent by DocuSign Electronic Signature Service.

It appears to be sent on behalf of the administration department of the recipient’s company.

Take a look at the example below and learn what to do if you’ve received this DocuSign email.


Can you spot what’s “phishy” in the below email?

This email example below is trying to trick the recipient into clicking on a link to a .PDF


DocuSign Phishing Email

DocuSign Phishing Email Example

Screenshot Credit: Bitdefender

From: DocuSign Service ([email protected])
Subject: To all Employees – Confidential Message

Your document has been completed

Sent on behalf of [email protected].

All parties have completed the envelope ‘Please DocuSign this document:
To All Employees 2013.pdf’.

To view or print the document download the attachment .

(self-extracting archive, Adobe PDF)

This document contains information confidential and proprietary to bitdefender.com

LEARN MORE: New Features | Tips & Tricks | View Tutorials

DocuSign. The fastest way to get a signature.

If you have questions regarding this notification or any enclosed documents requiring your signature, please contact the sender directly. For technical assistance with the signing process, you can email support.

Update: 1/31/2019 Check out our new cyber security quiz

cyber security quiz online

What’s phishy here?
Did you notice the link to an embedded .PDF?

Attached to the email is a zip file named “To ALL Employees.zip,” and it shouldn’t be a surprise to anyone that inside the archive is a payload identified as Trojan.Generic.KD.834485.

The scammer wants you to click the link to the “.PDF” and wants you to “enable macros” or “enable editing capabilities”. However, if you do allow this option, your computer or workstation becomes infected with in this case a malicious data stealing trojan.

Once it has infected a machine, Trojan.Generic.KD.834485 will get to work by stealing login credentials stored in email clients & web browsers, attempt to log into other network machines by guessing weak passwords using remote desktop protocol (RDP), possibly download and install additional malware (such as the infamous ZeuS/Zbot), and collect account information related to server names, port numbers, login IDs, FTP clients, and cloud storage programs.


Update 9/26/2016

DocuSign is aware of this email threat and has taken the courtesy of posting a warning on their website advising users that legitimate emails do not contain zip or executable files as attachments and to mouseover links to check for the docusign.com or docusign.net domains before following them.

We received a tweet from the official DocuSign twitter account. Please use the email address listed in their tweet to report phishing emails. Let’s spread awareness by sharing this blog post.



Think You Received a DocuSign Phishing Email?

Do not download or open any attached files.

Hover your mouse over links to check for the legitimate docusign.com or docusign.net domains.
(Note: This may not matter if a file is attached since real emails from DocuSign do not contain attachments.)

Report the email by forwarding it to [email protected]

Delete the email immediately.


Did you open the Docusign Phishing Email?

If you did accidentally open the Docusign Phishing email, you’re probably wondering what do I do next?

1. You should run a full virus scan using your anti-virus software immediately.

2. For peace of mind, take your computer to a computer repair store and have the computer thoroughly diagnosed and remove the trojan and malware.


Want instant peace of mind?
Remove the Trojan Now

Here at Hyphenet, we do remote computer repair from our office in San Diego, California.

Call us: (619) 325-0990  to connect to a remote computer repair technician. Watch as we diagnose and repair your computer over the internet and remove viruses, trojans, and more!


Prevent Docusign Phishing Attacks


Hosted Anti-spam Services in San Diego

Do you know email threats are becoming more sophisticated and harder for users to detect?

Today’s email security is so much more than filtering spam, that’s why businesses need preventative protection.
We offer spam solutions tailored to fit your business.

Prevent targeted phishing and spam attacks
from entering your inbox.

Contact Us Today for a Free Quote



We have helped many customers recover and prevent this horrible Docusign Phishing Email.