Medium riskEmail Scams

Fake DocuSign Email Scam

This scam sends a fake 'you have a document to review and sign' email with a 'View Document' link that leads to a credential-harvesting page or to malware instead of a genuine document.

Quick verdict

Risk level
Medium risk
Scam type
Document phishing scam
Main red flag
An unexpected document-to-sign email with a 'View Document' link from a sender you do not recognise.
What to do first
Do not click the link. If you use DocuSign, check by logging in directly with the access code method.

What this scam usually looks like

This scam sends a fake 'you have a document to review and sign' email with a 'View Document' link that leads to a credential-harvesting page or to malware instead of a genuine document.

Example message pattern

Example pattern — not a real report
Example pattern: 'DocuSign: You have received a document that requires your signature. Please review and sign: [suspicious link]. This document will expire soon.'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • An unexpected document you were not told to expect from anyone
  • A vague sender or company name you do not recognise
  • A 'View Document' link that does not lead to the official docusign.com domain
  • Pressure that the document will 'expire' or must be signed urgently
  • A prompt to log in with your email password to view the file

What to do

  • Do not click the link or sign in to view the document
  • If you expected something, contact the sender through a known, separate channel to confirm
  • Open DocuSign directly and use its access-code feature to find genuine documents
  • Report the email as phishing and then delete it

If you already clicked or replied

  • Do not enter any login details or download any attachment
  • If you entered a password, change it and anywhere you reused it
  • Run a security scan if a file downloaded to your device
  • Turn on two-step verification on your email and watch for unusual activity

What not to do

  • Do not enable macros or 'editing' in any downloaded document
  • Do not reply with personal or company information
  • Do not forward the document to colleagues before confirming it is genuine

Similar scams

Medium risk Email

Fake Invoice Email Scam

This scam emails an invoice or receipt for something you did not buy, hoping you call a fake 'support' number or click a link to dispute it.
High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.
Medium risk Email

Fake LinkedIn Email Scam

This scam sends fake LinkedIn notification emails, such as a new message, appearing in searches or a job offer, with links to phishing pages that steal your login or push you toward fake recruiters.

Frequently asked questions

How do real DocuSign requests work?
Genuine documents can be opened on the official DocuSign site using a unique access code, without entering your email password. An email asking for your password to view a file is a warning sign.
It looks like it came from a real company, is it safe?
Scammers often spoof familiar names and copy DocuSign's layout. Treat an unexpected request cautiously and confirm with the supposed sender before opening anything.
Why is this scam used against businesses?
Staff are used to signing documents, so a fake request can seem routine. Stolen logins can then be used to access email, payroll or company systems.
What if I clicked but did not sign in?
Avoid entering any details, close the page and scan your device if anything downloaded. As a precaution, change your email password and switch on two-step verification.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.