Apple Pay Docusign Email Is a Scam
Did you know that you can customize Google to filter out unwanted results? Follow these steps to improve your search results, including adding Lifehacker as your preferred source for tech news .
If you receive an unsolicited email claiming to be from Docusign, don’t trust it without checking its source. Scammers are once again posing as an e-signature provider in a phishing campaign, tricking recipients into thinking there’s something wrong with their Apple Pay accounts.
Docusign is no stranger to scams : scammers often exploit the company’s reputation by posing as real people and organizations, sending links to (fake) invoices, refund notices, employment contracts, and even legal documents in the hopes of collecting sensitive information.
How the Docusign Apple Pay Scam Works
The latest Docusign scam, spotted by AppleInsider and CyberGuy , starts with an email that at first glance looks like a receipt for a subscription paid for via Apple Pay. The email features the Apple and Docusign logos, as well as an order ID. The message suggests calling Apple support if you don’t know where to start.
The phone number obviously doesn’t belong to Apple — instead, you’ll be taken to scammers who will try to trick you into giving away information like your Apple ID and bank account number, convince you to download remote access software, or demand payment to protect your account. Phishing emails also often contain malicious links or attachments.
Docusign Scam Red Flags
Like all scams, this one plays on emotions like fear and the desire to urgently fix a perceived problem with your account. It also relies on users’ trust in the brands it’s impersonating to increase the likelihood of engaging with them.
There are a few other ways to tell if this campaign is a scam. First, the message doesn’t come from an official Apple or Docusign domain — the emails sent to AppleInsider were sent from a Gmail address. (Note that sender names can contain similar characters , making them difficult to spot and allowing spam filters to bypass.) Second, large companies don’t use Docusign to send receipts or invoices. If you compare your App Store or Wallet transactions, you won’t spot a fake email.
As a general rule, you should not use any Docusign material that you did not know about before receiving it. Always go directly to the company’s website or app to sign in to your account or find contact information to verify any suspicious claims. You can report fake Docusign emails to spam[at]docusign[dot]com.