Here at the Seniors Discount Club, we're all about keeping our members updated regarding the latest scams and tricks cybercriminals are running — so today, we have another critical warning.

Online security solutions provider MailGuard is alerting Aussie workers (and recent retirees) of a new DocuSign email scam that could put your personal information at risk.

DocuSign is an online service where people can view and sign agreements electronically.

It eliminates the need for hard copies and comes with the convenience of online services, such as easier accessibility and storage, which is why it’s unsurprising that many businesses use it.

Unfortunately, scammers have taken note of that fact too.

An online security solutions firm has warned against a new scam using a popular electronic document service. Image Credit: MailGuard

‘The email looks similar to what you would expect from a DocuSign alert and uses its logo and disclaimers,’ MailGuard said.

‘The email lands in inboxes with the subject line “Reminder: Please DocuSign: [Company Name] Payslips/ Payroll – February 2023”.’

‘In the header, the recipient is informed “[Company Name] sent you a document to review and sign”.’

According to MailGuard, the attack uses the target’s workplace (former or current) or business name to convince victims of its legitimacy.

‘They’ve attempted to make the email appear as though it’s a business alert by making the sender name “[Company Name] Docs”,’ the firm said.

‘The attacker has also made it appear as though the email has been sent from an account at the recipient’s company, adding further plausibility to this being a genuine alert. ‘

In the email, the victim is directed to the ‘Review Documents’ button, which is where the trap springs into place.

After clicking on the link, MailGuard says they will be taken on what appears to be a login screen for Microsoft Office 365. Their passwords will be required.

‘If the victim enters their password, they’re shown an error message which states that their password is incorrect,’ MailGuard said.

‘At this point, their credentials have been harvested by the hacker.’

An unsuspecting user would probably try again and again or even give up and decide to try again later, but MailGuard pointed out that scammers may very well have already breached the victim’s account once they entered their password the first time.

The new DocuSign scam email recipient will be instructed to enter their password in a fake Microsoft Office 365 login page. Image Credit: MailGuard

‘In this time, the hacker may be logging onto their account and accessing sensitive emails and files, or communicating with other employees, clients, or suppliers in business email compromise attacks,’ the firm said.

‘MailGuard advises all recipients of this email to delete it immediately without clicking on any links.’

‘Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being. ’ 

Key Takeaways

• MailGuard is warning Aussies about a DocuSign email scam that is tricking workers into opening what they believe is a company payslip.
• The scam email has the subject line: 'Reminder: Please DocuSign [Company Name] Payslips/Payroll - February 2023'.
• After clicking the link, the worker is taken to the phishing site that copies the Microsoft Office 365 login page.
• If you receive this email, MailGuard said to 'delete it immediately' and to not click on any links.

According to data from Scam Watch, Australians lost an estimated $24.6 million to similar phishing scams in 2022.

Phishing scams like this most recent one delivered via email were the third highest in terms of the amount lost at $3.6 million.

Text messages and scam calls were the top phishing scam methods for last year, with the two modes said to have led to the loss of $17 million to scammers.

We strongly urge all of our members to be very vigilant in line with scam emails like this one and to steer clear of any suspicious messages or links.

Odd grammar and source are dead giveaways that an email is potentially a scam designed to trick you into giving away your personal information. Image Credit: Seniors Discount Club

As always, watch out for the classic warning signs of scams, like poor wording and a strange urgency to any form of communication sent.

Don’t hesitate to reach out to authorities in the event that you find yourself targeted by a scam.

In the digital age we live in, these scam emails are moving at warp speed – and so it’s essential to stay ahead of the game.

In the meantime, you could check out other recent scams at our Scam Watch forum:

• ‘Please…it’s all I have.’ How one mistake cost this man $30k in life savings
• DHL delivery scam email
• Another myGov scam...

So, what are your thoughts about this? Have you or anyone you know received a similar suspicious email sent via DocuSign?

Tell us your experiences and opinions below!

Please share this story as well with family and friends so they can be warned.

 

[Granny*Deb]

How sad is it that we have had to become so vigilant in every aspect of our lives. You need to be on the ball 24/7. Please don't take risks folks. Every day we read how easily people are being duped by these unscrupulous rapscallions who really don't care of the repercussions against the poor souls they are frauding.
I felt so sad when I read of a poor woman in her 60's who was duped out of her savings and superannuation. She left a note saying now she was totally penniless with bills mounting up that she'd never be able to pay and she felt so foolish that she took her own life.
Don't click on links in emails from companies or people you do not know. Never give any personal information, passwords or banking details. Diligently check the authenticity of emails or callers identification before you even consider handing over your sensitive information. So what if you make calls and take hours confirming legitimacy, definitely better to be safe than sorry.

 

[Parrot]

I have had 2 E -M within a month of each other with a notification regarding a REFUND.
from the ATO one could tell this was not genuine as the ATO would not send E - M as such
one would have to go through MY GOV.. YES they have also tried posing as MY GOV. Which again one knows MY GOV do not identify what they would like to divulge one has to LOG IN FIRST..
I forward these type messages to the ACCC even if they are duplicated. They acknowledge receipt immediately which gives one comfort knowing someone is at hand.

 

[Luckyus]

Here at the Seniors Discount Club, we're all about keeping our members updated regarding the latest scams and tricks cybercriminals are running — so today, we have another critical warning.

Online security solutions provider MailGuard is alerting Aussie workers (and recent retirees) of a new DocuSign email scam that could put your personal information at risk.

DocuSign is an online service where people can view and sign agreements electronically.

It eliminates the need for hard copies and comes with the convenience of online services, such as easier accessibility and storage, which is why it’s unsurprising that many businesses use it.

Unfortunately, scammers have taken note of that fact too.

View attachment 14087

An online security solutions firm has warned against a new scam using a popular electronic document service. Image Credit: MailGuard

‘The email looks similar to what you would expect from a DocuSign alert and uses its logo and disclaimers,’ MailGuard said.

‘The email lands in inboxes with the subject line “Reminder: Please DocuSign: [Company Name] Payslips/ Payroll – February 2023”.’

‘In the header, the recipient is informed “[Company Name] sent you a document to review and sign”.’

According to MailGuard, the attack uses the target’s workplace (former or current) or business name to convince victims of its legitimacy.

‘They’ve attempted to make the email appear as though it’s a business alert by making the sender name “[Company Name] Docs”,’ the firm said.

‘The attacker has also made it appear as though the email has been sent from an account at the recipient’s company, adding further plausibility to this being a genuine alert. ‘

In the email, the victim is directed to the ‘Review Documents’ button, which is where the trap springs into place.

After clicking on the link, MailGuard says they will be taken on what appears to be a login screen for Microsoft Office 365. Their passwords will be required.

‘If the victim enters their password, they’re shown an error message which states that their password is incorrect,’ MailGuard said.

‘At this point, their credentials have been harvested by the hacker.’

An unsuspecting user would probably try again and again or even give up and decide to try again later, but MailGuard pointed out that scammers may very well have already breached the victim’s account once they entered their password the first time.

View attachment 14088

The new DocuSign scam email recipient will be instructed to enter their password in a fake Microsoft Office 365 login page. Image Credit: MailGuard

‘In this time, the hacker may be logging onto their account and accessing sensitive emails and files, or communicating with other employees, clients, or suppliers in business email compromise attacks,’ the firm said.

‘MailGuard advises all recipients of this email to delete it immediately without clicking on any links.’

‘Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being. ’ 

Key Takeaways

• MailGuard is warning Aussies about a DocuSign email scam that is tricking workers into opening what they believe is a company payslip.
• The scam email has the subject line: 'Reminder: Please DocuSign [Company Name] Payslips/Payroll - February 2023'.
• After clicking the link, the worker is taken to the phishing site that copies the Microsoft Office 365 login page.
• If you receive this email, MailGuard said to 'delete it immediately' and to not click on any links.

According to data from Scam Watch, Australians lost an estimated $24.6 million to similar phishing scams in 2022.

Phishing scams like this most recent one delivered via email were the third highest in terms of the amount lost at $3.6 million.

Text messages and scam calls were the top phishing scam methods for last year, with the two modes said to have led to the loss of $17 million to scammers.

We strongly urge all of our members to be very vigilant in line with scam emails like this one and to steer clear of any suspicious messages or links.

View attachment 14145

Odd grammar and source are dead giveaways that an email is potentially a scam designed to trick you into giving away your personal information. Image Credit: Seniors Discount Club

As always, watch out for the classic warning signs of scams, like poor wording and a strange urgency to any form of communication sent.

Don’t hesitate to reach out to authorities in the event that you find yourself targeted by a scam.

In the digital age we live in, these scam emails are moving at warp speed – and so it’s essential to stay ahead of the game.

In the meantime, you could check out other recent scams at our Scam Watch forum:

• ‘Please…it’s all I have.’ How one mistake cost this man $30k in life savings
• DHL delivery scam email
• Another myGov scam...

So, what are your thoughts about this? Have you or anyone you know received a similar suspicious email sent via DocuSign?

Tell us your experiences and opinions below!

Please share this story as well with family and friends so they can be warned.

The only funds I get are my measly fortnightly age pension, so anything else is bullshit. pure and simple.

 

[robbie's]

How sad is it that we have had to become so vigilant in every aspect of our lives. You need to be on the ball 24/7. Please don't take risks folks. Every day we read how easily people are being duped by these unscrupulous rapscallions who really don't care of the repercussions against the poor souls they are frauding.
I felt so sad when I read of a poor woman in her 60's who was duped out of her savings and superannuation. She left a note saying now she was totally penniless with bills mounting up that she'd never be able to pay and she felt so foolish that she took her own life.
Don't click on links in emails from companies or people you do not know. Never give any personal information, passwords or banking details. Diligently check the authenticity of emails or callers identification before you even consider handing over your sensitive information. So what if you make calls and take hours confirming legitimacy, definitely better to be safe than sorry.

What a truley sad story about the woman who took here own life
So sad. Thanks for sharing xxx

 

[freedy50]

I've just got 5 phishing/junk emails which I reported and that then deletes them. Seems to have happened a lot over the last week.

I think somewhere on the dark web my email addresses may have been compromised? I'll have to check.

 

[Maicar]

Here at the Seniors Discount Club, we're all about keeping our members updated regarding the latest scams and tricks cybercriminals are running — so today, we have another critical warning.

Online security solutions provider MailGuard is alerting Aussie workers (and recent retirees) of a new DocuSign email scam that could put your personal information at risk.

DocuSign is an online service where people can view and sign agreements electronically.

It eliminates the need for hard copies and comes with the convenience of online services, such as easier accessibility and storage, which is why it’s unsurprising that many businesses use it.

Unfortunately, scammers have taken note of that fact too.

View attachment 14087

An online security solutions firm has warned against a new scam using a popular electronic document service. Image Credit: MailGuard

‘The email looks similar to what you would expect from a DocuSign alert and uses its logo and disclaimers,’ MailGuard said.

‘The email lands in inboxes with the subject line “Reminder: Please DocuSign: [Company Name] Payslips/ Payroll – February 2023”.’

‘In the header, the recipient is informed “[Company Name] sent you a document to review and sign”.’

According to MailGuard, the attack uses the target’s workplace (former or current) or business name to convince victims of its legitimacy.

‘They’ve attempted to make the email appear as though it’s a business alert by making the sender name “[Company Name] Docs”,’ the firm said.

‘The attacker has also made it appear as though the email has been sent from an account at the recipient’s company, adding further plausibility to this being a genuine alert. ‘

In the email, the victim is directed to the ‘Review Documents’ button, which is where the trap springs into place.

After clicking on the link, MailGuard says they will be taken on what appears to be a login screen for Microsoft Office 365. Their passwords will be required.

‘If the victim enters their password, they’re shown an error message which states that their password is incorrect,’ MailGuard said.

‘At this point, their credentials have been harvested by the hacker.’

An unsuspecting user would probably try again and again or even give up and decide to try again later, but MailGuard pointed out that scammers may very well have already breached the victim’s account once they entered their password the first time.

View attachment 14088

The new DocuSign scam email recipient will be instructed to enter their password in a fake Microsoft Office 365 login page. Image Credit: MailGuard

‘In this time, the hacker may be logging onto their account and accessing sensitive emails and files, or communicating with other employees, clients, or suppliers in business email compromise attacks,’ the firm said.

‘MailGuard advises all recipients of this email to delete it immediately without clicking on any links.’

‘Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being. ’ 

Key Takeaways

• MailGuard is warning Aussies about a DocuSign email scam that is tricking workers into opening what they believe is a company payslip.
• The scam email has the subject line: 'Reminder: Please DocuSign [Company Name] Payslips/Payroll - February 2023'.
• After clicking the link, the worker is taken to the phishing site that copies the Microsoft Office 365 login page.
• If you receive this email, MailGuard said to 'delete it immediately' and to not click on any links.

According to data from Scam Watch, Australians lost an estimated $24.6 million to similar phishing scams in 2022.

Phishing scams like this most recent one delivered via email were the third highest in terms of the amount lost at $3.6 million.

Text messages and scam calls were the top phishing scam methods for last year, with the two modes said to have led to the loss of $17 million to scammers.

We strongly urge all of our members to be very vigilant in line with scam emails like this one and to steer clear of any suspicious messages or links.

View attachment 14145

Odd grammar and source are dead giveaways that an email is potentially a scam designed to trick you into giving away your personal information. Image Credit: Seniors Discount Club

As always, watch out for the classic warning signs of scams, like poor wording and a strange urgency to any form of communication sent.

Don’t hesitate to reach out to authorities in the event that you find yourself targeted by a scam.

In the digital age we live in, these scam emails are moving at warp speed – and so it’s essential to stay ahead of the game.

In the meantime, you could check out other recent scams at our Scam Watch forum:

• ‘Please…it’s all I have.’ How one mistake cost this man $30k in life savings
• DHL delivery scam email
• Another myGov scam...

So, what are your thoughts about this? Have you or anyone you know received a similar suspicious email sent via DocuSign?

Tell us your experiences and opinions below!

Please share this story as well with family and friends so they can be warned.

Yep, got one of these last week and as we were waiting on insurance assessors to Email us, I flicked it open, but stopped doing anything more when it asked for our software account details. Thought why would insurance assessor want those, def decided was SCAM.