The Rise of DocuSign Phishing: What You Need to Know

Phishing isn’t new, but attackers are getting smarter about where they strike. One of the latest hot spots? DocuSign.

For many organizations, DocuSign is a trusted tool. Contracts, approvals, and invoices move through it daily, and most people click those notifications without hesitation. That’s exactly why attackers are leaning into DocuSign-themed phishing: they know you’re primed to act quickly.

Why DocuSign Is Being Targeted

  • It’s familiar. Most employees have signed something through DocuSign at least once, which makes the emails seem routine.

  • It’s urgent. “Sign this contract” or “Review this invoice” feels like a task you should do right away.

  • It’s trusted. Messages that look like they came from DocuSign often slip past both security filters and human skepticism.

How These Scams Work

Recent DocuSign phishing attempts aren’t the old-fashioned “bad logo and spelling errors” type. Attackers are using more advanced tricks, including:

  • Realistic invoices and contracts generated through compromised DocuSign accounts or fake templates.

  • PDFs with redirect links that send you to credential-stealing sites hosted on platforms like JotForm or Webflow.

  • OAuth consent phishing, where a fake “DocuSign” app asks you to grant permissions that give attackers access to your mailbox or files. Because the consent is granted after you have already authenticated, MFA does not stop it.

  • Redirect chains and CAPTCHA gates placed in front of the malicious page, which keep automated URL scanners and sandboxes from reaching the credential-harvesting form.

In short: the emails look good, the links look convincing, and by the time you realize something’s wrong, attackers may already have your credentials or access to your data.

What To Watch For

If you or your team use DocuSign regularly, pay extra attention to:

  • Requests for invoices or signatures you weren’t expecting.

  • DocuSign emails that don’t show your name in the “To” field.

  • Attachments or links that point to non-DocuSign domains.

  • OAuth consent screens asking for broad access to your mailbox or files.

When in doubt, don’t click the link in the email. Type docusign.com into your browser, log in there, and check whether the document is actually waiting for you.
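The recipient-name and link-domain checks above can be automated for mail triage. The following is an added example written for this post (not DocuSign’s or the original author’s code) that flags DocuSign-branded messages whose sender domain, “To” display name, or body links fail those checks. The allowlist of DocuSign domains and the two sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains DocuSign uses for its own senders and links (assumed allowlist for this example).
DOCUSIGN_DOMAINS = ("docusign.com", "docusign.net")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def is_docusign_domain(host: str) -> bool:
    """True only for the allowlisted domains and their subdomains (not look-alikes)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DOCUSIGN_DOMAINS)


def assess_notification(raw: str) -> list[str]:
    """Return the red flags found in a raw RFC 822 message that presents itself as DocuSign mail."""
    msg = message_from_string(raw)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    # Only branded mail is assessed; internal mail that merely mentions DocuSign is out of scope.
    if "docusign" not in (msg.get("Subject", "") + from_name).lower():
        return flags
    sender_host = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""
    if not is_docusign_domain(sender_host):
        flags.append(f"sender domain not DocuSign: {sender_host}")
    to_name, _ = parseaddr(msg.get("To", ""))
    if not to_name.strip():
        flags.append("no recipient name in To header")
    # Single-part text bodies only; a production version would also walk attachments.
    body = "" if msg.is_multipart() else msg.get_payload()
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_docusign_domain(host):
            flags.append(f"link to non-DocuSign domain: {host}")
    return flags


# Constructed sample messages (not real DocuSign mail); .example domains are placeholders.
PHISH = """From: DocuSign <notify@docusign-review.example>
To: undisclosed-recipients@example.com
Subject: Completed: Invoice #4471 awaiting your signature

Review and sign here: https://forms.hosted-form.example/review/4471
"""

LEGIT = """From: DocuSign <dse@docusign.net>
To: Jane Doe <jane.doe@example.com>
Subject: Please DocuSign: Master Services Agreement

Review document: https://app.docusign.com/documents/details/constructed-id
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, assess_notification(raw) or ["no flags"])
```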

Steps To Protect Your Organization

  • Verify requests. If you get an invoice or contract you weren’t expecting, confirm with the sender by phone.

  • Train your team. Show employees what a real DocuSign request looks like versus a fake.

  • Strengthen authentication. Use phishing-resistant MFA methods like hardware keys or passkeys.

  • Lock down app permissions. Require admin approval for third-party apps requesting broad access.

  • Enable DMARC enforcement. Publish a DMARC policy of quarantine or reject so that receiving mail servers discard messages that spoof your domain instead of merely reporting them.

The Bottom Line

DocuSign remains a valuable business tool—but it’s now a favored disguise for cybercriminals. Staying alert, verifying before you click, and tightening your defenses are the best ways to keep these scams from landing.