DocuSign Branding Changes – Make Sure to Verify Senders
With DocuSign’s new branding changes, the risk for cybercriminals taking advantage of unsuspecting users rises. Make sure to implement rigorous internal controls to verify any DocuSign email before clicking on any link.
ACTION STEPS:
- Senders: If you are sending documents through DocuSign for signature, it is best practice to notify your recipient that you are sending the documents before sending so that they know to expect the documents.
- Recipients: If you are a recipient of documents for signature through email from DocuSign or any other signature application, always pause and do not click on any link (even if the email looks official) and verify personally with the sender that the email is legitimate.
If you receive a suspicious email that you are not suspecting and cannot personally verify with the sender, report to your designated IT/Security staff, or use the ‘Phish Alert Button” if installed for your email.
See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.