Your Security Matters Why Report Suspicious Activity?
Docusign is committed to maintaining your trust and the security of your data. We take reports of suspicious activity very seriously. This guide provides clear instructions on how to identify, report, and protect yourself from potential security threats, including fraud and phishing attempts.
By understanding the different types of threats and knowing how to report them, you help us keep the Docusign platform secure for everyone. Your vigilance is critical in preventing fraudulent activities and protecting your valuable information.
Key Concerns Understanding Security Threats: Improper Use vs. Imitation
There are two primary types of security concerns you should report to Docusign:
Improper Use of Docusign: This refers to fraudulent or illegal activities directly related to legitimate Docusign customer accounts. This violates our Terms & Conditions.
Imitation of Docusign: This involves attempts to deceive users into thinking emails or websites are from Docusign, often through phishing campaigns.
Understanding the difference is key to reporting accurately and protecting yourself. Both types are serious and require immediate attention. Refer to the Docusign Trainer Tip: What should I do if I receive a suspicious email? for guidance.
Fraudulent Activity Identifying and Reporting Improper Use of Docusign
Improper use involves the misuse of a valid Docusign account for fraudulent or illegal purposes. This includes activities that violate our Terms & Conditions.
What to Report: Activities such as using a Docusign account for fraudulent schemes, illegal transactions, or any activity that violates our terms.
How to Identify: Docusign envelope notifications always come from the @docusign.net domain. Links in legitimate emails will direct you to docusign.com or docusign.net. Hover over links to verify the URL before clicking. Most email notifications include a unique 32-character security code.
How to Report: Report suspicious activity using the "Report Abuse" feature within the signing experience (accessed via the three vertical ellipses), or from the "Report this email" link in the envelope notification footer. You can also use our i-Sight web portal. Provide any supporting evidence, such as screenshots or relevant documentation, to help us investigate.
Phishing Awareness Recognizing and Reporting Imitation of Docusign (Phishing)
Imitation attempts, also known as phishing, try to trick you into believing an email or website is legitimate. They often aim to steal your login credentials or personal information.
How to Spot Imitation Emails and Websites: Look for these red flags: unfamiliar sender, generic greetings, links that don’t match docusign.com or docusign.net (verify by hovering over the link), attachments that you weren't expecting (Docusign never sends attachments requesting your signature), and a sense of urgency.
How to Report: Forward suspicious emails (as an attachment) to . For suspicious websites, email the URL to for investigation.
“Your vigilance is our strongest defense against fraud and security threats. Report anything suspicious immediately.
Docusign Security Team
Take Action Now!
Quickly Report Suspicious Activity or Threats:
Report Abuse Feature
Report suspicious activity directly within the signing experience (three vertical ellipses).
Report Phishing
Forward suspicious emails as attachments to .
i-Sight Web Portal
Report issues through Docusign’s online web portal (provide detailed information).
Stay Safe Tools and Tips to Protect Your Data
Protecting your data involves a proactive approach. Here are some essential tips:
Verify Senders: Always confirm the sender's identity if you are unsure of an email’s authenticity.
Check Links: Hover over links to verify the destination URL before clicking.
Never Provide Sensitive Information: Docusign will never ask for your Social Security number, bank account details, or credit card information in an email.
Review Security Code: If you receive a Docusign envelope, look for the 32-character security code in the email.
Stay Informed: Review our Tools to Protect Your Data From Phishing blog for the latest security advice.
Further Assistance Additional Resources and Support
For requests or concerns regarding your personal data, submit a request through our Privacy Request Portal.
For SMS verification code issues that you did not request, ignore and delete the message and change your password as a precaution.
Visit our Data management and privacy page for more information.
Refer to the FCC article: Avoid the Temptation of Smishing Scams.