The provider of eSignature security and compliance DocuSign, is tracking a malicious email campaign where the subject reads: "Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature".
DocuSign Malicious Email Campaign
The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware. These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including firstname.lastname@example.org (note the missing "I"). Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.
Please remember to be particularly cautious if you receive an invitation to sign or view a Document you are not expecting. If you have received a copy of the above email, DO NOT OPEN ANY ATTACHMENTS. Instead, forward the email to email@example.com and then immediately delete the email from your system.