There are affiliate links on this page.
Read our disclosure policy to learn more.
Translate this page to any language by choosing a language in the box below.
DocuSign Scam and Malware: "Please DocuSign this document : Important Changes - Employers Only; Your document has been completed. All parties have completed the envelope "
"DocuSign" Scam Email
"Please DocuSign this document : Important Changes - Employers Only; Your document has been completed. All parties have completed the envelope "
Have you received an email from "DocuSign", telling you that "Please DocuSign this document : Important Changes - Employers Only; Your document has been completed. All parties have completed the envelope "; with an attachment and asking you to "To view or print the document download the attachment.". Of course, it is a scam and malware. If you click to open the attached file (typically, it is a zip file), you will open a virus, trojan or other malware.
Norton, the anti-virus company defines this sort of attachment as "malware", saying on their website:
"Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy."
Opening the attached file can install a virus or trojan on the user's computer. Once installed, a virus and destroy your files, replicate iself, spam your friends and more. A trojan can send your confidential, personal information to malicious servers and may download other malware.
The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern. You should always be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company will send notice of a failed delivery via an unsolicited email. Especially not with an attachment.
Sample Scam and Malware: DocuSign Email
In 2013, CFR received the following email:
-----Original Message-----
From: DocuSign Service [mailto:dse@docusign.net]
Sent: Wednesday, July 17, 2013 11:42 AM
Subject: Please DocuSign this document : Important Changes - Employers Only..pdf
Your document has been completed
All parties have completed the envelope 'Please DocuSign this document: Important Changes - Employers Only..pdf'.
To view or print the document download the attachment.
(self-extracting archive, Adobe PDF)
This document contains information confidential and proprietary to abc.com
LEARN MORE: New Features | Tips & Tricks | Video Tutorials
DocuSign. The fastest way to get a signature. If you have questions regarding this notification or any enclosed documents requiring your signature, please contact the sender directly. For technical assistance with the signing process, you can email support. This message was sent to you by administrator@abc.com who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
DocuSign posted the following warning on their website:
Update 6/7/2013
DocuSign is seeing malicious phishing email attacks as of this afternoon. In this round of malware spam email attacks, malicious third parties are including .zip attachments. These emails are not associated with DocuSign. They are coming from an unrelated, malicious third party attempting to copy our email style and language in the hopes of fooling recipients into opening the email and clicking on the attachments. In other versions of this type of spam we have also seen links to non-DocuSign sites as well as the .zip attachments. Always pay attention to the URL at the top of your DocuSign log-in. A DocuSign log-in page should begin with https://www.docusign.net.
Examples of the emails we have seen this afternoon all have the subject line of, "Please DocuSign this document: Important Changes ' Employers Only..pdf"
Please remember to be particularly cautious if you receive an invitation to sign or view for an envelope you are not expecting. If you have received a copy of the malware spam email, DO NOT CLICK ANY LINKS or OPEN ANY ATTACHMENTS. Instead, forward the email to spam@docusign.com and then immediately delete the email from your system.
Any other links within emails made to look like DocuSign system emails are
unsecure and unsafe. DO NOT CLICK these links. Examples of unsecure and
unsafe links that we have seen in malware spam emails to date include (but
are not limited to):
Recommendations- What to do:
Do not open the attachment. Delete the email.
And please let us know about any suspicious calls or emails you receive. We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!
- Only open email or IM attachments that come from a trusted source and that are expected
- Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security scan all attachments prior to opening. Click here to see Norton 360 2013 on Amazon.com .
- Delete the messages without opening any attachments
- Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
- Keep your anti-virus software up to date
- Keep your operating system up to date with current security patches. Click here for an article that describes how to do this.
Definitions: What are viruses, trojans, worms and more?
Malware is a category of malicious software code that includes viruses, worms, bots, backdoors and Trojan horses. Malware uses popular communication tools to spread, including viruses and worms that are sent through email and instant messages, Trojan horses in email attachments or received when you visit a corrupted website, and virus-infected files downloaded from file sharing P2P connections.This can be confusing, so here is a simple breakdown. See this article from CISCO for a more detailed description.
Viruses
A computer virus propagates itself by inserting a copy of itself onto your computer. Viruses can range in severity from causing mildly annoying effects to damaging data files or software. Almost all viruses are attached to an executable file, which means the virus may be on your computer or in an email, but will not be active or able to spread until you run it, click on it, or open the file or attachment.
Worms
Computer worms are similar to viruses in that they reproduce copies of themselves and can cause the similar damage. But worms are standalone software and do not require the user to open an attachment (although they can) - often they take advantage of weaknesses in operating systems to spread from computer to computer throughout a network (home or company)
Trojans
A Trojan is named after the wooden horse the Greeks used to enter Troy. It is a harmful file that looks legitimate, such as "Attached is your invoice. Click here to open it.". Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.
Bots
"Bot" comes from the word "robot" and is an automated process that interacts with other network services. A typical good use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites. Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server that may control an entire network of compromised devices, or "botnet. Bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host.
Backdoor
AA back door is an undocumented way of getting into a computer system, bypassing the normal security logon mechanisms. Some back doors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use back doors for easier and continued access to a system after it has been compromised. This is commmon when software makes your computer a "zombie".
For a comprehensive list of national and international agencies to report scams, see this page.