Hello @Joe Chambers ,
Welcome to the Docusign Community and thank you for posting your concerns!
I’m sorry to hear that you are getting suspicious emails; we do appreciate you letting us know about these bad actors. I understand you have further questions regarding the response time of our team in charge of the spam and phishing emails.
For privacy reasons, we do not respond to complainants with investigation status or outcomes from emails sent to that alias. You can find this information in the following article under the “Fraud” section: Docusign Legal FAQ
Also, the following article can go more in depth on how to spot suspicious emails: What should I do if I receive a suspicious email?
Let us know if you need further assistance with this.
Best regards,
Nathaly | Docusign Community Moderator
"Select as Best" below if you find the answer a valid solution to your issue!
While this is a solution to help prevent issues from occurring, it does not help us determine who sent the messages and how we can prevent them in the future. This seems to be a common response that you are giving to anyone who logs a phishing ticket.
Does DocuSign have a policy regarding phishing and if so, what happens to user accounts found to violate the policy? Since phishing is different from spam and more dangerous I thought I’d check.
Hello @Joe Chambers ,
Welcome to the Docusign Community and thank you for posting your concerns!
There is also the “Combating Phishing: A Proactive Approach” whitepaper available here: https://www.docusign.com/sites/default/files/docusign_combating_phishing_whitepaper.pdf
Please click the link for up-to-date information on how to let Security know about phishing or fraud attempts and how to identify such emails: https://www.docusign.com/trust/security/incident-reporting
We do have a policy that the Fraudulent Investigation Team follows. So, there can be two kinds of attack:
- On-product attack - where a fraudster can create an account on Docusign and start sending SMS that contains phishing links. These are easy to detect (given we have proper telemetry), and we close them with the help of the Fraud Investigation team.
- Off-product attack - This is difficult as it happens off-product. Here, an abuser pretends (imitation) that the SMS is coming from DocuSign, and the victim clicks on the link and gets phished. For that we have Guidelines on how to detect them so that you can report them and it can be investigated properly.
Let us know if you need further assistance with this.
Best regards,
Nathaly | Docusign Community Moderator
Hello @Joe Chambers ,
If you found my response to be a useful solution to your question, please mark it as the best answer by clicking “Select as Best” to make it easier for other users to find.
Best regards,
Nathaly | Docusign Community Moderator