www.docusign.com
Open in
urlscan Pro
151.101.130.133
Public Scan
Submitted URL: https://protect-d.docusign.net/report-abuse?e=AVElOvh4OlFKoZ0qrfagN5evRtJWsftMOgfD0M13M9fxYgaaBBaLUAEHejGDf2_6fpIyLMknRr1-wz-BX...
Effective URL: https://www.docusign.com/trust/security/incident-reporting
Submission: On February 21 via api from CA — Scanned from CA
Effective URL: https://www.docusign.com/trust/security/incident-reporting
Submission: On February 21 via api from CA — Scanned from CA
Form analysis
0 forms found in the DOMText Content
Do you want to switch to our US site? Switch to USDismiss Skip to main content Join us at Momentum this April to experience the future of agreements. * Sales 1-877-720-2040 * Search * Support * Access Documents * Log In * Solutions Just looking to sign? Create a free DocuSign account to securely upload, sign and return documents digitally. Even those received as email attachments. Start signing for free EXPLORE * Trust & SecurityA relationship you can trust * Customer ExperienceAn experience people love * Business AgilityA better way to work USE CASES * Human ResourcesSeamlessly manage the employee lifecycle * LegalReduce risk and drive faster turnaround times * ProcurementTransform the procure-to-pay process * SalesClose deals faster, increase productivity and delight your buyers * All Use Cases INDUSTRIES * Financial Services * Insurance * Real Estate * Government * All Industries * Products SIGNATURES * Electronic SignatureThe #1 way to send and sign * Electronic NotarizationSecurely send, sign and notarize agreements online CONTRACTS * Contract Lifecycle ManagementOrganized, automated document workflows * Document GenerationGenerate documents seamlessly from Salesforce MORE * Identity VerificationIncorporate enhanced signer verification into your agreements * SMS & WhatsApp DeliveryAccelerate signatures by delivering agreements via SMS or WhatsApp * Web FormsStreamline data collection and speed up signing * APIs * Integrations * Mobile Apps * All Products * Resources LEARN * Blogs * Customer Stories * Resource Center * Legality Guide CONNECT * Community * Events * DocuSign Momentum PLATFORM * Developer Center * Product Releases * Roadmap * Partners * ISV Embedded eSignature SUPPORT * Support Center * Customer Success * DocuSign University * Plans & Pricing SIGNATURES * eSignatureWe’ve got the right plan for you * eSignature for Real EstateDocuSign for REALTORS® now includes Real Estate Forms APIS * API Usage PlansStart simple or build for scale with robust APIs LOOKING FOR CLM OR ENTERPRISE PRICING? Every business is different. That's why we use bespoke pricing to make sure you only pay for exactly what you need. Request a Quote Contact Sales Buy Now Try for Free Trust Center * Overview -------------------------------------------------------------------------------- * Alerts -------------------------------------------------------------------------------- * Compliance -------------------------------------------------------------------------------- * Legal -------------------------------------------------------------------------------- * Privacy -------------------------------------------------------------------------------- * Security -------------------------------------------------------------------------------- * System Status -------------------------------------------------------------------------------- * Trust Portal -------------------------------------------------------------------------------- REPORT SECURITY CONCERNS v20230307 DocuSign Trust is a top priority and reports of suspicious activity are taken seriously. It’s imperative that security concerns are shared with us to ensure issues are addressed timely and appropriately. This page outlines the difference between imitating DocuSign via spoofing or impersonation used in phishing campaigns and the improper use of DocuSign customer accounts to commit fraud — as well as the correct reporting channel for each. Attempts to trick people into believing that emails are related to or from an actual DocuSign customer account are imitation attempts. Conversely, concerns related to an actual DocuSign customer account are considered fraud and improper use of our platform. QUICK REPORTING GUIDE Type What happened? How do I report my concern? Additional Resources Imitation DocuSign I received a fake (spoofed) DocuSign themed email notification or want to report an imitation DocuSign URL. Send an email to Spam@docusign.com. Combating phishing white paper DocuSign Brand Impersonation Improper use of DocuSign I’m a victim of DocuSign customer fraud or I received a suspicious DocuSign envelope and I suspect fraud/illegal activity. File a complaint through the DS Fraud Portal. How DS users can spot, avoid and report fraud Other security concerns I have a DocuSign security threat concern not listed above or I’m unsure. Report all other security concerns to security@docusign.com. Privacy concerns and requests I have a request or concern regarding my personal data. Submit a request through the Privacy Request Portal Privacy Notice DocuSign’s Binding Corporate Rules Data management and privacy REPORTING IMITATION OF DOCUSIGN Our customers are the first line of defense against cybersecurity threats. Detecting cyber security issues quickly reduces the possibility of negative consequences. The information below explains how to detect cyber security threats via imitation (also called spoofing) and report them to DocuSign’s information security team for investigation. DEDICATED THREAT REPORTING CHANNELS DocuSign has dedicated reporting channels based on the type of threat: * DocuSign-themed imitation emails and websites: If you think that you’ve received a fraudulent email purporting to come from DocuSign, forward the entire email as an attachment to spam@docusign.com and delete it immediately. If you identify a website imitation of DocuSign, please copy and paste the URL into an email to spam@docusign.com for investigation. * Other security incidents and DocuSign-themed threats for investigation: new cybersecurity threats occur regularly. To support DocuSign information security and threat intelligence, report security incidents and DocuSign platform threats to security@docusign.com. GUIDELINES FOR IDENTIFYING IMITATION EMAILS AND WEBSITES If you don’t recognize the sender of a DocuSign envelope and are uncertain of the email’s authenticity, look for the unique security code included in all DocuSign envelopes at the bottom of the notification email. If you don’t see this code, don’t click on any links or open any attachments. Review our Combating Phishing white paper to learn more. 1. Imitation links Avoid imitation links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the DocuSign notification email. Always check where a link goes before clicking by hovering your mouse over the link to review the URL (it should be hosted on DocuSign.com or DocuSign.net). An imitation link is dangerous and can: * Direct you to an imitation website that tries to collect your personal data * Install spyware (which can enable a hacker to monitor your actions and steal login credentials) on your system * Cause you to download a virus that could disable your computer 2. Imitation sender email address Imitation emails may include a forged email address in the "From" field, which is easily altered. If you don’t recognize the sender of or weren't expecting a DocuSign envelope, contact the sender through communication channels outside of email to verify its authenticity. 3. Attachments DocuSign emails that request you to sign a document never contain attachments. Don’t open or click them within an email requesting your signature. DocuSign emails only contain PDF attachments of completed documents after all parties have signed the document. Even then, pay close attention to the attachment to ensure it’s a valid PDF file. DocuSign never attaches zip files, HTML files, or executables. 4. Generic greetings Many imitation emails begin with a generic greeting like “Dear DocuSign Customer.” If you don’t see your name in the salutation, be suspicious and don’t click on any links or attachments. Conversely, also be aware of highly personalized emails, especially if you do not know the sender or were not expecting the communication. 5. False sense of urgency Many imitation emails try to deceive you with the threat that your account is in jeopardy if you don’t provide immediate updates. As it relates to DocuSign, they might claim that unauthorized transactions have occurred on your account and it's imperative that you update your account information immediately. 6. Emails that appear to be websites Some imitation emails are made to look like DocuSign or other websites to get you to enter personal information. DocuSign never asks you for personal information, such as login credentials, via email. 7. Deceptive URLs Just because the address looks OK, don't assume you are on a legitimate site. Look in your browser's URL bar for signs that you may be on a phishing site: * Often the address of a phishing site deviates slightly from its legitimate counterpart: for instance, it might say DocuSing.com instead of DocuSign.com * Your browser can detect certain types of malicious sites—always pay heed to its warnings, especially when it notifies you that a site or certificate can’t be trusted. 8. Misspellings and bad grammar While no one is perfect, imitation emails are often rife with bad grammar and misspellings. The errors could be intentional; such mistakes help fraudsters avoid spam filters. 9. Unsafe sites The term "https" should always precede any website that requests personal information (the "s" stands for secure.) If you don't see "https," you're not in a secure Web session, and shouldn’t enter any personal data. A legitimate DocuSign sign-in page address always starts with “https://.” 10. Pop-up boxes DocuSign never uses a pop-up box in an email, because they aren’t secure. REPORTING IMPROPER USE OF DOCUSIGN OVERVIEW Reports of customers violating DocuSign’s Terms & Conditions are investigated as needed. This section outlines how to identify suspected improper use of DocuSign, how to report it, what information we collect, common fraud themes, alerts, resources and additional information. As technology continues to advance and more companies shift to a digital environment, so do fraudsters. The rising trend means they may leverage DocuSign’s reputation and trust to target unsuspecting victims. They are creative at finding ways to appear legitimate on the surface, which means fraudulent activity can even occur through a valid DocuSign account. That’s why it’s always so important to exercise due diligence before providing sensitive information or sending money to anyone. If you believe you are a victim of fraud or suspect fraud on our platform, please read the following information and report it to DocuSign. WHAT TO REPORT AS SUSPECTED IMPROPER USE OF DOCUSIGN A customer suspected of fraud or illegal activity can be reported to DocuSign if they are in violation of DocuSign sites and services terms and conditions. Remain vigilant if a request is received from a sender you do not recognize or if you were not expecting documents sent via DocuSign. Fraudsters use various scam tactics to lure people into providing sensitive information or money. See the section below on Trends, tactics, activity and themes for more information. Always use caution when clicking on links, even from within a DocuSign document. Bad actors may leverage our product to phish recipients or send embedded malware. We ask that any malicious link sent through an actual DocuSign envelope be reported to us immediately for investigation at security@docusign.com. How to identify an email coming from an actual DocuSign customer account DocuSign customer envelope emails will always come from @docusign.net email address and most will contain a 32-character security code in the bottom portion of the email under the “Alternate Signing Method” section shown in the image below. If you are suspicious of a DocuSign envelope's authenticity, we recommend you access the envelope directly from DocuSign.com. For more information, visit our Alternative Signing Method Security Code Access page. All DocuSign envelope email notifications contain a link that takes you to the DocuSign site to review the document. To review and verify that the link is directing you to a DocuSign site, hover over it without clicking on it (see below). A DocuSign site link will begin with “https://www.docusign.net”. The link may also include a prefix of one of our other server designations ‘na2’, ‘na3’, ‘na4’, ‘au’, ‘ca’, ‘eu’ or demo (e.g. https://na2.docusign.net). IMPORTANT: Use caution when hovering over the link to avoid clicking on it. WHAT NOT TO REPORT AS IMPROPER USE OF DOCUSIGN Misaddressed email notifications A misaddressed email is not a clear indication of fraudulent activity. If you receive an envelope email notification in error, follow the Decline to sign instructions. Gmail users, visit the Gmail Help Center for more information on why you may be receiving wayward envelopes. Imitation DocuSign email notification (non-customer activity) Do not report imitation DocuSign emails including spoof or look-alike, as improper use of DocuSign. Scammers may create look-alike email addresses/domains (e.g., docu-sign.com, docus1gn.com, docusigh.com, etc.) in an attempt to impersonate DocuSign emails. Avoid imitation links by accessing your documents directly from https://www.docusign.com using the unique security code found at the bottom of the DocuSign notification email. To report imitation of DocuSign, forward the email as an attachment to spam@docusign.com. Unwanted emails or excessive reminders If you are receiving unwanted DocuSign emails,report them using the appropriate reason selection in the Report Abuse form shown below in Figure 2. HOW TO REPORT If you receive an envelope email notification from DocuSign, you can report the activity using the Report this email link found under the Stop receiving this email section at the bottom of the email (Figure 1). Figure 1 Clicking on the link takes you to our Report Abuse form where you can report various types of abuse, including fraud and illegal activity. Figure 2 Selecting the reason "I believe this is fraudulent or contains illegal content." from the Report Abuse (Figure 2 above) form will take you to the DocuSign portal to file a report online, which allows complainants to provide critical details needed for DocuSign to investigate and take appropriate actions (Figure 3). The portal can also be accessed directly at https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign Figure 3 Please note that DocuSign doesn't access envelope contents, even if authorized by the customer or recipient/complainant. Supporting evidence is often necessary to assess the severity of the violation and further substantiates the allegation details provided. WHAT INFORMATION IS COLLECTED AND WHY DocuSign collects critical details about the activity to effectively investigate and mitigate fraud on our platform. The information helps identify the account holder, related envelope activity and serves as evidence supporting any necessary actions, such as closing an offending account. What we ask for: * Your full name and contact information * Envelope ID or security code * Supporting documents (attachments, screenshots, forms, etc.) * Customer/sender name (business/individual) and email address * Any other known customer/sender identifiers (e.g. physical address, phone number, etc.) * Thorough description of what happened * Other pertinent information TRENDS, TACTICS, ACTIVITY AND THEMES Trends and tactics to watch out for: * Too good to be true prices or offers * Site unseen rentals or sales * Tech support (pop-ups) or subscription renewal claiming affiliation to a well-known company * Loan offer or debt relief requiring upfront fees * Sense of urgency, harassment or threatening tactics * Job offers from businesses with little to no public information * Economic or hardship leveraging opportunities (e.g. pandemic, investment) Be cautious of the following types of activity and themes: * Impersonation of an individual, business, financial institution, government or other organization * Elder exploitation * False affiliation claims * Improper solicitation of personally identifiable information (PII). Examples of PII include: * SSN or other national identification number * Date of Birth * Bank account number * Credit card number * Telephone number * Medical record number * Phishing/malware * Pyramid schemes * Prolific scams (employment, investment, lending, real estate, sales, tech support, travel, debt relief, etc.) FOLLOW-UP REPORT How to provide more information To provide additional information for a previously filed complaint, please return to the portal (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign) to complete a follow-up report. To ensure the new information is linked to the original report, please have the reference number that was originally provided to you. Investigation status and updates Our Terms & Conditions restrict us from disclosing user data. This means we do not respond to complainants with investigation status or outcomes. FRAUD SPECIFIC ALERTS Phishing campaigns: August 4, 2022 March 2, 2023 July 27, 2023 ADDITIONAL RESOURCES DOCUSIGN * Security Incidents * How to Avoid Phishing Scams * Law Enforcement Guidelines * Privacy Notice REPORT CRIMES DocuSign will not contact law enforcement on behalf of a potential victim. If you believe a crime was committed, report it to the appropriate authorities. Review the links below for some larger government agencies you should report to in addition to local law enforcement (city/state/province). If you are unsure, contact your local authorities for additional guidance. United States (US) Internet fraud or cyber crime (including spoofing and phishing) Internet Crime Complaint Center (IC3) Scams, fraudulent businesses or unwanted calls Federal Trade Commission (FTC) Identity theft (visit the Identity Theft webpage for more information) FTC ID Theft Non-US International scams eConsumer.gov Fraud and cyber crimes ActionFraud Financial fraud scams (unauthorized firm or individual) Financial Conduct Authority (FCA) PRODUCTS * eSignature * Contract Lifecycle Management * Document Generation * Contract Analytics * All Products PLANS & PRICING * eSignature Plans * Real Estate Plans * API Plans INDUSTRIES * Financial Services * Insurance * Real Estate * Government * All Industries USE CASES * Sales * Human Resources * Procurement * Legal * All Use Cases BUSINESS SIZE * Enterprise * Small Business * Individuals PARTNERS * Partners Overview * Partners Login * ISV Embedded Signing DEVELOPERS * Developer Center * API Overview * Free Developer Account * Open Source SUPPORT * Customer Success * Get Support * Introduction to eSignature * Knowledge Market * DocuSign University * Community RESOURCES * Resource Center * Blog * Events * Webinars * Customer Stories * Product Releases * Legality Guide * Trust Center * Trust Portal COMPANY * About Us * Leadership * Careers * Talent & Career Development * Benefits * Diversity & Inclusion * Investor Relations * News Center * DocuSign for Forests * DocuSign Impact * DocuSign Momentum * Contact Us * Accessibility United StatesCanada - EnglishCanada - françaisFranceAustralia日本BrasilNederlandDeutschlandUnited KingdomEspañaIndiaItaliaMéxicoMalaysia - EnglishPhilippines - EnglishSingapore - EnglishTaiwan - English FacebookTwitterYouTubeLinkedIn * Terms of Use * Privacy Notice * Notice to California Residents * Cookies Settings * Intellectual Property * Modern Slavery Act Statement © DocuSign, Inc. 2024 By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies PRIVACY PREFERENCE CENTER When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Allow All MANAGE CONSENT PREFERENCES STRICTLY NECESSARY COOKIES Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. FUNCTIONAL COOKIES Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. PERFORMANCE COOKIES Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. TARGETING COOKIES Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Back Button COOKIE LIST Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Reject All Confirm My Choices