Beware Phony DocuSign Phishing Scam
The Alberta Lawyers Insurance Association released this warning on March 5, 2018.
The Alberta Lawyers Insurance Association (ALIA) has learned of a very convincing email scam that is trying to lure lawyers into giving away their passwords or installing malware by way of fake DocuSign requests. Lawyers have been receiving emails from a sender who wants to use DocuSign to share document files. The sender asks the lawyer to click on a link to access the document. Even though the sender appears to be a verified lawyer with a verified email address, do not open this link.
The goal of the scam is to have the lawyer sign in via a fake login page to retrieve the shared documents. Once this occurs, the scammer has everything they need to have access to your email account. From there, they can sell your email credentials, use your address to send fake DocuSign requests to others, and even gain access to your other online accounts (including bank accounts) by searching for other passwords and utilizing websites; forgot password features.
Action to be taken:
If you or your law firm receive any request to open a shared document via a program such as DocuSign, consider the possibility that a fraudster is at work. Satisfy yourself that the instructions are legitimate through direct, in-person contact with the client, by verified client contact information. To protect yourself, follow these Client Identification and Verification Rules. We also recommended that your firm establish protocols for accessing shared documents via the web and adhere to them.
Other ways to protect yourself include:
- Watch for spelling and formatting errors.
- Check embedded hyperlinks by hovering your mouse over the link to verify the address.
- Be wary of clicking on any attachments or links, they may contain viruses, malware and spyware.
- Protect your computer with anti-virus software, spyware filters, email filters and firewall programs.
- Ensure your anti-virus software is active and up to date. Regularly schedule scans to search and remove already existing malware.
- Keep your operating system and software up to date.
- Make regular back-ups of important files.
How to Handle a Real or Suspected Fraud
If you have been targeted by this fraud, please forward any of the emails and supporting documents that you have received to [email protected]. We use this information for the warnings we post on AvoidAClaim. We do not disclose the names of firms that have provided us with information.